Beware of Malicious Files in Telindus Apsal Open Document Feature

CVECVE-2023-26098
CVSScvssV3_1: 8.2
SourceCVE-2023-26098

Telindus Apsal, a popular document management software, has a vulnerability in its Open Document feature that could allow hackers to execute malicious code on users’ systems.

The vulnerability has been assigned the identifier CVE-2023-26098 and has a CVSS score of 8.2, meaning it is considered highly critical. Attackers could craft a specially modified file with hidden malicious code and upload it to the Open Document feature in Apsal versions prior to 3.14.2022.235 b. Once opened, the file would be able to run arbitrary code without users’ knowledge or consent.

This works because the software failed to properly sanitize user-uploaded files before opening them. Hackers have been known to exploit such vulnerabilities by disguising viruses, worms or malware inside otherwise-innocent looking documents. If successful, they could infect systems with ransomware to lock users’ files or steal sensitive information like passwords and financial details.

The good news is Telindus has released an update that fixes the vulnerability. Users are strongly advised to update their Apsal installation immediately. It is also recommended to exercise caution when opening documents from unknown or suspicious sources. Being vigilant about application and system updates can go a long way in protecting yourself from emerging cyber threats.

References