An attacker might successfully take advantage of two serious security weaknesses in the open-source CasaOS personal cloud software to execute arbitrary code and take control of vulnerable systems.

The vulnerabilities, identified by the tracking numbers CVE-2023-37265 and CVE-2023-37266, have a combined CVSS score of 9.8 out of 10.

The issues were found by Thomas Chauchefoin, a Sonar security researcher, who stated that they “allow attackers to get around authentication requirements and gain full access to the CasaOS dashboard.”

What’s even more concerning is that CasaOS’s ability to run third-party apps might be used as a weapon to issue arbitrary commands on the device read more Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software.

Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.

The post Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software appeared first on Recon Bee.