CVE-2023-36650

HIGH

ProLion CryptoSpike 3.0.15P2 - Command Injection

Title source: llm

Description

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.

References (1)

[Exploit, Third Party Advisory] https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650

Scores

CVSS v3 7.2

EPSS 0.0006

EPSS Percentile 18.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-354

Status published

Products (1)

prolion/cryptospike 3.0.15 p2

Published Dec 12, 2023

Tracked Since Feb 18, 2026