Beware! COMOS SMB Share Vulnerability Could Expose Your Files

CVE: CVE-2023-43505
CVSS (v3.1): 9.6
Source: CVE-2023-43505

COMOS is a popular tool used by many organizations to manage their systems. Unfortunately, researchers have discovered a vulnerability in COMOS that could allow unauthorized access to files.

The vulnerability lies in COMOS’s implementation of SMB file sharing. SMB, or Server Message Block, is a protocol that allows applications on different systems to read and write files and to use shared printers over a network. COMOS lacks proper access controls for these SMB shares, meaning any user connected to the share could potentially browse, copy, modify or delete files they shouldn’t have access to.

An attacker could exploit this from within an organization’s network or remotely if the SMB shares are exposed publicly. They wouldn’t need complex hacking skills either – simply connecting to the vulnerable shares could be enough to access sensitive documents, configurations or other private information.

The security researchers have given this a CVSS score of 9.6 out of 10, meaning it is considered a very serious issue. All versions of COMOS are affected.

If you use COMOS, you should contact your IT administrators immediately. They should apply any updates or patches released by the vendor to fix the vulnerability. It’s also advisable to review permissions on SMB shares and restrict access only to authorized users until a patch is installed. Taking prompt action can help prevent unauthorized access to or loss of important files through this security flaw.
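
One way to carry out the permission review suggested above, as an added example that is not from the vendor or the original post: a PowerShell audit, run elevated on the Windows host serving the shares, that lists share-level and NTFS entries granting access to broad groups. The page does not name the COMOS shares, so it checks every non-administrative share; the function names are illustrative.

```powershell
# Added example, not vendor code. Uses the built-in SmbShare module and Get-Acl.

# Well-known SIDs that cover nearly anyone who can reach the share (locale-independent).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

function Resolve-Sid([string]$Account) {
    try { ([System.Security.Principal.NTAccount]$Account).Translate(
              [System.Security.Principal.SecurityIdentifier]).Value }
    catch { $null }   # orphaned or unresolvable account
}

function New-Finding {
    param($Share, [string]$Layer, [string]$Sid, $Rights)
    [pscustomobject]@{
        Share = $Share.Name; Path = $Share.Path; Layer = $Layer
        Principal = $BroadSids[$Sid]; Rights = [string]$Rights
    }
}

function Get-BroadShareAccess {
    # -Special $false skips administrative shares such as C$, ADMIN$ and IPC$.
    foreach ($share in Get-SmbShare -Special $false) {
        # Layer 1: share-level permissions.
        foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
            $sid = Resolve-Sid $ace.AccountName
            if ($sid -and $BroadSids.ContainsKey($sid) -and $ace.AccessControlType -eq 'Allow') {
                New-Finding $share 'Share' $sid $ace.AccessRight
            }
        }
        # Layer 2: NTFS permissions on the shared folder, read directly as SIDs.
        if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path)) { continue }
        $rules = (Get-Acl -LiteralPath $share.Path).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($BroadSids.ContainsKey($sid) -and $rule.AccessControlType -eq 'Allow') {
                New-Finding $share 'NTFS' $sid $rule.FileSystemRights
            }
        }
    }
}

Get-BroadShareAccess | Sort-Object Share, Layer | Format-Table -AutoSize
```

Effective access over SMB is the more restrictive of the two layers, so a share that shows a broad group at both the Share and NTFS layer is the one to tighten first.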
