{"uuid": "251b605c-5c3b-4f18-8ce1-a836d7332f2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28354", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1096", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28354\n\ud83d\udd39 Description: An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\\SYSTEM.\n\ud83d\udccf Published: 2025-01-09T00:00:00\n\ud83d\udccf Modified: 2025-01-09T21:53:59.302079\n\ud83d\udd17 References:\n1. https://github.com/stormfleet/CVE-2023-28354/blob/main/README.md", "creation_timestamp": "2025-01-09T22:15:35.000000Z"}