CVE-2023-7163: A Maximum Threat to D-Link D-View’s Network Security
D-Link D-View is a network management software suite designed to help businesses and organizations of all sizes monitor, manage, and troubleshoot their wired and wireless networks. A recent discovery has cast a shadow over its robustness – the CVE-2023-7163 vulnerability, a critical flaw with a maximum CVSSv3 score of 10.
This security issue, existing in versions up to D-View 8 v2.0.2.89, could allow attackers to manipulate the probe inventory of the D-View service, potentially leading to significant information disclosure. Detected by the security researchers at Tenable, the technical details and proof-of-concept of this flaw lay bare the vulnerability’s potential for havoc.
The core of CVE-2023-7163 lies in how D-View 8 handles its Probe servers. An unauthenticated remote attacker can masquerade as a Probe server by sending a ‘probe-online’ task to the Core server. This maneuver can flood the system with bogus, attacker-controlled Probe servers, corrupting the D-View 8’s web UI and its MongoDB collection, DView8_Probe. The implications are dire: if an attacker-controlled Probe server is used for network discovery, it can feed false device information into the Core server.
The process gets even more intricate. D-View 8 tasks, stored in the DView8_Task MongoDB collection, are periodically fetched by Probe servers based on criteria like probeId and taskStatus. An attacker, knowing the probeId of a legitimate Probe server, can intercept these tasks. The probeId, based on the server’s MAC address, is vulnerable to exposure, especially if the attacker shares the same LAN as the Probe server.
D-View 8 tasks can carry sensitive information, such as login credentials for SNMP and WMI, used in network scanning. For instance, the ‘add-discovery’ task, triggered for manual network discovery or scheduled scans, contains credentials that an attacker could potentially intercept. Similarly, the ‘tool-cli’ task carries SSH credentials to connect to discovered devices, another goldmine for any cybercriminal.
If an attacker successfully intercepts a task meant for a legitimate Probe server, it leads to more than just data theft. The legitimate server, finding the taskStatus updated, fails to perform the task, resulting in a denial-of-service situation.
As alarming as CVE-2023-7163 is, what’s more concerning is the lack of a response from the vendor. Without a patch or solution from D-Link, users of D-View 8 are left to navigate these treacherous waters without an update to anchor their cybersecurity defenses.
For businesses relying on D-Link’s D-View 8, awareness of this vulnerability and implementing additional security measures are crucial steps in safeguarding their digital infrastructure against the ever-present threat of cyberattacks.
