CVE-2023-33227— Directory Traversal Remote Code Execution Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-33227
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SolarWinds Network Configuration Manager 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SolarWinds Network Configuration Manager是美国SolarWinds公司的一款易于使用的解决方案。 SolarWinds Network Configuration Manager存在路径遍历漏洞,该漏洞源于容易受到目录遍历远程代码执行漏洞的影响,允许低级别用户使用系统权限执行操作。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SolarWinds | Network Configuration Manager | 2023.3.1 and previous versions | - |
II. Public POCs for CVE-2023-33227
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-33227
请登录查看更多情报信息。
Same Patch Batch · SolarWinds · 2023-11-01 · 4 CVEs total
| CVE-2023-40061 | 8.8 HIGH | Insecure Job Execution Mechanism Vulnerability |
| CVE-2023-40062 | 8.0 HIGH | Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability |
| CVE-2023-33226 | 8.0 HIGH | Directory Traversal Remote Code Execution Vulnerability |
IV. Related Vulnerabilities
Same product: Network Configuration Manager
- CVE-2023-40055
SolarWinds Network Configuration Manager Directory Traversal - CVE-2023-40054
SolarWinds Network Configuration Manager Directory Traversal - CVE-2023-33228
SolarWinds Network Configuration Manager Sensitive Informati - CVE-2023-33226
Directory Traversal Remote Code Execution Vulnerability - CVE-2023-23842
SolarWinds Network Configuration Manager Directory Traversal
Same vendor: SolarWinds
- CVE-2024-29004
SolarWinds Platform Stored XSS Vulnerability - CVE-2024-28999
SolarWinds Platform Race Condition Vulnerability - CVE-2024-28072
Arbitrary File Overwrite Vulnerability - CVE-2024-29003
SolarWinds Platform Cross Site Scripting Vulnerability - CVE-2024-29001
SolarWinds Platform SWQL Injection Vulnerability
Same weakness: CWE-22
- CVE-2026-8274
npitre cramfs-tools Directory cramfsck.c do_directory path t - CVE-2022-50956
WordPress Plugin amministrazione-aperta 3.7.3 Local File Rea - CVE-2026-8215
Industrial Application Software IAS Canias ERP RMI iasReques - CVE-2026-42605
AzuraCast: Path Traversal in `currentDirectory` Parameter En - CVE-2026-42574
apko dirFS has a symlink-following path traversal that allow
V. Comments for CVE-2023-33227
No comments yet