Description
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36650
Scores
CVSS v3
7.2
EPSS
0.0039
EPSS Percentile
30.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-354
Status
published
Products (1)
prolion/cryptospike
3.0.15 p2
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026