Published:2023/03/01  Last Updated:2023/03/09

JVN#57224029
Multiple vulnerabilities in SS1 and Rakuraku PC Cloud

Overview

SS1 and Rakuraku PC Cloud provided by DOS Co., Ltd. contain multiple vulnerabilities.

Products Affected

  • SS1 Ver.13.1.0.40 and earlier (Media version 13.1.0c and earlier)
  • Rakuraku PC Cloud Agent Ver.2.1.8 and earlier

Description

SS1 is asset management software and Rakuraku PC Cloud is cloud-based asset management service. SS1 and Rakuraku PC Cloud Agent contain multiple vulnerabilities listed below.

  • Improper Access Control (CWE-284) - CVE-2023-22335
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score: 7.5
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0
  • Path Traversal (CWE-22) - CVE-2023-22336
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 5.3
    CVSS v2 AV:N/AC:L/Au:N/C:N/I:P/A:N Base Score: 5.0
  • Use of Hard-coded Credentials (CWE-798) - CVE-2023-22344
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Base Score: 5.3
    CVSS v2 AV:N/AC:L/Au:N/C:P/I:N/A:N Base Score: 5.0

Impact

  • A remote attacker may download arbitrary files of the directory where the product runs - CVE-2023-22335
  • A remote attacker may upload a specially crafted file to an arbitrary directory - CVE-2023-22336
  • A remote attacker may obtain the password of the debug tool and execute it - CVE-2023-22344
When these vulnerabilities are combined, it allows a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.

Solution

Update the software
Update software to the latest version according to the information provided by the developer.

The developer states that the patch of Rakuraku PC Cloud Agent is applied automatically when the client is launched.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Denis Faiustov, and Ruslan Sayfiev of GMO Cyber Security by IERAE reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2023-22335
CVE-2023-22336
CVE-2023-22344
JVN iPedia JVNDB-2023-000021

Update History

2023/03/09
Information under the section [Products Affected] was updated.