March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2023-2646 – TP-Link Archer C7 V2 Vulnerability
May 16, 2023Rewterz Threat Alert – STRRAT Malware – Active IOCs
May 16, 2023Rewterz Threat Advisory – CVE-2023-2646 – TP-Link Archer C7 V2 Vulnerability
May 16, 2023Rewterz Threat Alert – STRRAT Malware – Active IOCs
May 16, 2023
Severity
High
Analysis Summary
CVE-2023-32313 CVSS:5.3
Node.js vm2 module could allow a remote attacker to bypass security restrictions, caused by a flaw in the node inspect method. By sending a specially-crafted request, an attacker could exploit this vulnerability to edit options for console.log.
CVE-2023-32314 CVSS:9.8
Node.js vm2 module could allow a remote attacker to execute arbitrary code on the system, caused by a sandbox escape flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Bypass Security
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-32313
- CVE-2023-32314
Affected Vendors
Node.js
Affected Products
- Node.js vm2 3.9.17
Remediation
Upgrade to the latest version of vm2, available from the vm2 GIT Repository.