Menu Close

Adobe Products Could Allow for Arbitrary Code Execution – PATCH NOW – TLP: CLEAR

TLP: CLEAR

MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER:
2023-142

DATE(S) ISSUED:
12/12/2023

SUBJECT:
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution

OVERVIEW:
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.

  • Adobe InDesign is a desktop publishing and page layout designing software application.
  • Adobe Dimension is a 3D rendering and design software.
  • Adobe Prelude is a discontinued ingest and logging software application.
  • Adobe Illustrator is a vector graphics editor and design program developed.
  • Adobe Experience Manager is a content management solution for building websites, mobile apps, and forms.
  • Adobe Substance3D Stager is a professional staging tool for scene design and rendering.
  • Adobe Substance3D Sampler is used for 3D meshes with textures, seamless materials, and HDR lights from real world images.
  • Adobe Substance3D After Effects is used to create 3D VFX and animations.
  • Adobe Substance3D is software for creating seamless textures and assets.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Adobe InDesign version ID19.0 and earlier, version ID17.4.2 and earlier.
  • Adobe Dimensions version 3.4.10 and earlier
  • Adobe Prelude version 22.6 and earlier
  • Adobe Illustrator 2024 version 28.0 and earlier
  • Adobe Illustrator 2023 version 27.9 and earlier
  • Adobe Experience Manager version 6.5.18.0 and earlier
  • Adobe Substance3D Stager version 2.1.1 and earlier
  • Adobe Substance3D Sampler version 4.2.1 and earlier
  • Adobe Substance3D After Effects version 24.0.3 and earlier, version 23.6.0 and earlier
  • Adobe Substance3D Designer version 13.0.0 and earlier

RISK:

Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Tactic: Execution (TA0002):

            Technique: Exploitation for Client Execution (T1203):

Adobe InDesign

  • Null Pointer Dereference could allow for application denial-of-service. (CVE-2023-47076, CVE-2023-47077)

Adobe Dimension

  • Out of Bounds Read could allow for a memory leak. (CVE-2023-47061, CVE-2023-47062, CVE-2023-47078, CVE-2023-47079)

Adobe Prelude

  • Access of an Uninitialized Pointer could allow for a memory leak (CVE-2023-44362)

Adobe Illustrator

  • Out of Bounds read which could allow for Arbitrary Code Execution (CVE-2023-47074)
  • Use After Free which could allow for Arbitrary Code Execution (CVE-2023-47075)
  • Out-of-bounds Write which could allow for Arbitrary Code Execution (CVE-2023-47063)

Adobe Experience Manager

  • Cross-site Scripting (Stored) could result in Arbitrary Code Execution (CVE-2023-48440, CVE-2023-48441, CVE-2023-48442, CVE-2023-48443, CVE-2023-48444, CVE-2023-48445, CVE-2023-48446, CVE-2023-48447, CVE-2023-48448, CVE-2023-48449, CVE-2023-48450, CVE-2023-48451, CVE-2023-48452, CVE-2023-48453, CVE-2023-48454, CVE-2023-48455, CVE-2023-48456, CVE-2023-48457, CVE-2023-48458, CVE-2023-48459, CVE-2023-48460, CVE-2023-48461, CVE-2023-48462, CVE-2023-48463, CVE-2023-48464, CVE-2023-48465, CVE-2023-48466, CVE-2023-48467, CVE-2023-48468, CVE-2023-48469, CVE-2023-48470, CVE-2023-48471, CVE-2023-48472, CVE-2023-48473, CVE-2023-48474, CVE-2023-48475, CVE-2023-48476, CVE-2023-48477, CVE-2023-48478, CVE-2023-48479, CVE-2023-48480, CVE-2023-48481, CVE-2023-48482, CVE-2023-48483, CVE-2023-48484, CVE-2023-48485, CVE-2023-48486, CVE-2023-48487, CVE-2023-48488, CVE-2023-48489, CVE-2023-48490, CVE-2023-48491, CVE-2023-48492, CVE-2023-48493, CVE-2023-48494, CVE-2023-48495, CVE-2023-48496, CVE-2023-48497, CVE-2023-48498, CVE-2023-48499, CVE-2023-48500, CVE-2023-48501, CVE-2023-48502, CVE-2023-48503, CVE-2023-48504, CVE-2023-48505, CVE-2023-48506, CVE-2023-48507, CVE-2023-48508, CVE-2023-48509, CVE-2023-48510, CVE-2023-48511, CVE-2023-48512, CVE-2023-48513, CVE-2023-48514, CVE-2023-48515, CVE-2023-48516, CVE-2023-48517, CVE-2023-48518, CVE-2023-48519, CVE-2023-48520, CVE-2023-48521, CVE-2023-48522, CVE-2023-48523, CVE-2023-48524, CVE-2023-48525, CVE-2023-48526, CVE-2023-48527, CVE-2023-48528, CVE-2023-48529, CVE-2023-48530, CVE-2023-48531, CVE-2023-48532, CVE-2023-48533, CVE-2023-48534, CVE-2023-48535, CVE-2023-48536, CVE-2023-48537, CVE-2023-48538, CVE-2023-48539, CVE-2023-48540, CVE-2023-48541, CVE-2023-48542, CVE-2023-48543, CVE-2023-48544, CVE-2023-48545, CVE-2023-48546, CVE-2023-48547, CVE-2023-48548, CVE-2023-48549, CVE-2023-48550, CVE-2023-48551, CVE-2023-48552, CVE-2023-48553, CVE-2023-48554, CVE-2023-48555, CVE-2023-48556, CVE-2023-48557, CVE-2023-48558, CVE-2023-48559, CVE-2023-48560, CVE-2023-48561, CVE-2023-48562, CVE-2023-48563, CVE-2023-48564, CVE-2023-48565, CVE-2023-48566, CVE-2023-48567, CVE-2023-48568, CVE-2023-48569, CVE-2023-48570, CVE-2023-48571, CVE-2023-48572, CVE-2023-48573, CVE-2023-48574, CVE-2023-48575, CVE-2023-48576, CVE-2023-48577, CVE-2023-48578, CVE-2023-48579, CVE-2023-48580, CVE-2023-48581, CVE-2023-48582, CVE-2023-48583, CVE-2023-48584, CVE-2023-48585, CVE-2023-48586, CVE-2023-48587, CVE-2023-48588, CVE-2023-48589, CVE-2023-48590, CVE-2023-48591, CVE-2023-48592, CVE-2023-48593, CVE-2023-48594, CVE-2023-48595, CVE-2023-48596, CVE-2023-48597, CVE-2023-48598, CVE-2023-48599, CVE-2023-48600, CVE-2023-48601, CVE-2023-48602, CVE-2023-48603, CVE-2023-48604, CVE-2023-48605, CVE-2023-48606, CVE-2023-48607, CVE-2023-48608, CVE-2023-48609, CVE-2023-48610, CVE-2023-48611, CVE-2023-48612, CVE-2023-48613, CVE-2023-48614, CVE-2023-48615, CVE-2023-48616, CVE-2023-48617, CVE-2023-48618, CVE-2023-48619, CVE-2023-48620, CVE-2023-48621, CVE-2023-48622, CVE-2023-48623, CVE-2023-48624)

Adobe Substance3D Stager

  • Out-of-bounds Read which could allow for a Memory leak. (CVE-2023-47080, CVE-2023-47081)

Adobe Substance3D Sampler

  • Out-of-bounds Write which could allow for Arbitrary Code Execution (CVE-2023-48625, CVE-2023-48626, CVE-2023-48627, CVE-2023-48628, CVE-2023-48629, CVE-2023-48630)

Adobe Substance3D After Effects

  • Out-of-bounds Write which could allow for Arbitrary Code Execution (CVE-2023-48632)
  • Use After Free which could allow for Arbitrary Code Execution (CVE-2023-48633)
  • Improper Validation Input which could allow for Arbitrary Code Execution (CVE-2023-48634)
  • Out-of-bounds Read which could allow for a Memory Leak (CVE-2023-48635)

Adobe Substance3D Designer

  • Out-of-bounds Write which could allow for Arbitrary Code execution (CVE-2023-48639)
  • Out-of-bounds Read which could allow for a Memory Leak (CVE-2023-48636, CVE-2023-48637, CVE-2023-48638)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply appropriate updates provided by Adobe to vulnerable systems immediately after appropriate testing. (M1051: Update Software)
    • Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 7.2: Establish and Maintain a Remediation Process: Establish and maintain a risk-based remediation strategy documented in a remediation process, with monthly, or more frequent, reviews.
    • Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
    • Safeguard 7.5 : Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
    • Safeguard 7.7: Remediate Detected Vulnerabilities: Remediate detected vulnerabilities in software through processes and tooling on a monthly, or more frequent, basis, based on the remediation process.
    • Safeguard 12.1: Ensure Network Infrastructure is Up-to-Date: Ensure network infrastructure is kept up-to-date. Example implementations include running the latest stable release of software and/or using currently supported network-as-a-service (NaaS) offerings. Review software versions monthly, or more frequently, to verify software support.
    • Safeguard 18.1: Establish and Maintain a Penetration Testing Program: Establish and maintain a penetration testing program appropriate to the size, complexity, and maturity of the enterprise. Penetration testing program characteristics include scope, such as network, web application, Application Programming Interface (API), hosted services, and physical premise controls; frequency; limitations, such as acceptable hours, and excluded attack types; point of contact information; remediation, such as how findings will be routed internally; and retrospective requirements.
    • Safeguard 18.2: Perform Periodic External Penetration Tests: Perform periodic external penetration tests based on program requirements, no less than annually. External penetration testing must include enterprise and environmental reconnaissance to detect exploitable information. Penetration testing requires specialized skills and experience and must be conducted through a qualified party. The testing may be clear box or opaque box.
    • Safeguard 18.3: Remediate Penetration Test Findings: Remediate penetration test findings based on the enterprise’s policy for remediation scope and prioritization.
       
  • Vulnerability scanning is used to find potentially exploitable software vulnerabilities to remediate them. (M1016: Vulnerability Scanning)
    • Safeguard 16.13: Conduct Application Penetration Testing: Conduct application penetration testing. For critical applications, authenticated penetration testing is better suited to finding business logic vulnerabilities than code scanning and automated security testing. Penetration testing relies on the skill of the tester to manually manipulate an application as an authenticated and unauthenticated user.
       
  • Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. (M1026: Privileged Account Management)
    • Safeguard 4.7: Manage Default Accounts on Enterprise Assets and Software: Manage default accounts on enterprise assets and software, such as root, administrator, and other pre-configured vendor accounts. Example implementations can include: disabling default accounts or making them unusable.
    • Safeguard 5.4: Restrict Administrator Privileges to Dedicated Administrator Accounts: Restrict administrator privileges to dedicated administrator accounts on enterprise assets. Conduct general computing activities, such as internet browsing, email, and productivity suite use, from the user’s primary, non-privileged account.
    • Safeguard 5.5: Establish and Maintain an Inventory of Service Accounts: Establish and maintain an inventory of service accounts. The inventory, at a minimum, must contain department owner, review date, and purpose. Perform service account reviews to validate that all active accounts are authorized, on a recurring schedule at a minimum quarterly, or more frequently
       
  • Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems. (M1030: Network Segmentation)
    • Safeguard 12.2: Establish and Maintain a Secure Network Architecture: Establish and maintain a secure network architecture. A secure network architecture must address segmentation, least privilege, and availability, at a minimum.
       
  • Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
    • Safeguard 10.5:  Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
       
  • Restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc. (M1021: Restrict Web-Based Content)
    • Safeguard 9.2: Use DNS Filtering Services: Use DNS filtering services on all enterprise assets to block access to known malicious domains.
    • Safeguard 9.3: Maintain and Enforce Network-Based URL Filters: Enforce and update network-based URL filters to limit an enterprise asset from connecting to potentially malicious or unapproved websites. Example implementations include category-based filtering, reputation-based filtering, or through the use of block lists. Enforce filters for all enterprise assets.
    • Safeguard 9.6: Block Unnecessary File Types: Block unnecessary file types attempting to enter the enterprise’s email gateway.
       
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources. (M1017: User Training)
    • Safeguard 14.1: Establish and Maintain a Security Awareness Program: Establish and maintain a security awareness program. The purpose of a security awareness program is to educate the enterprise’s workforce on how to interact with enterprise assets and data in a secure manner. Conduct training at hire and, at a minimum, annually. Review and update content annually, or when significant enterprise changes occur that could impact this Safeguard.
    • Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks: Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.

REFERENCES:

Adobe:

https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/prelude/apsb23-67.html
https://helpx.adobe.com/security/products/illustrator/apsb23-68.html
https://helpx.adobe.com/security/products/indesign/apsb23-70.html
https://helpx.adobe.com/security/products/dimension/apsb23-71.html
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
https://helpx.adobe.com/security/products/substance3d_stager/apsb23-73.html
https://helpx.adobe.com/security/products/substance3d-sampler/apsb23-74.html
https://helpx.adobe.com/security/products/after_effects/apsb23-75.html
https://helpx.adobe.com/security/products/substance3d_designer/apsb23-76.html
 

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44362
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47062
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47063
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47081
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48442
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48443
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48444
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48445
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48447
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48448
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48451
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48452
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48453
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48455
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48456
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48457
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48458
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48459
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48478
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48480
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48482
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48483
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48484
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48485
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48486
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48489
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48490
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48492
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48493
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48494
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48495
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48496
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48505
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48506
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48507
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48508
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48509
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48510
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48511
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48512
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48513
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48514
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48515
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48516
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48517
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48520
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48527
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48529
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48533
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48536
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48537
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48538
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48539
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48540
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48542
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48544
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48546
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48547
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48548
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48549
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48550
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48551
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48552
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48553
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48554
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48555
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48557
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48558
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48559
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48561
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48563
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48564
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48565
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48568
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48569
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48570
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48571
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48572
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48575
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48577
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48586
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48587
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48589
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48590
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48595
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48596
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48597
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48598
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48599
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48600
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48601
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48602
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48635
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48636
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48637
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48639

 

Multi-State Information Sharing and Analysis Center (MS-ISAC)
Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061

24×7 Security Operations Center
SOC@cisecurity.org – 1-866-787-4722

TLP:CLEAR
www.cisa.gov/tlp
Information may be distributed without restriction, subject to standard copyright rules.

Center for Internet Security

Northeast Headquarters | 31 Tech Valley Drive | East Greenbush, NY 12061 | Phone: 518-266-3460