CVE-2023-23914 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2023-23914?

CVE-2023-23914 is a critical vulnerability in curl, a tool for transferring data with URLs, affecting versions 7.77.0 to 7.88.0. With a severity score of 9.1, the issue involves the handling of HTTP Strict Transport Security (HSTS) during multiple requests within a single invocation, potentially leading to sensitive information disclosure, data modification, or Denial of Service (DoS). Systems using affected versions of curl and libcurl (versions 7.57.0 to 7.87.0) are at risk.

Who is impacted by CVE-2023-23914?

CVE-2023-23914 affects users of curl versions 7.77.0 to 7.88.0 and NetApp products like Active IQ Unified Manager and Clustered Data ONTAP 9.0. Splunk Universal Forwarder versions 8.2.0 to 8.2.12, 9.0.0 to 9.0.6, and 9.1.0 are also impacted. This vulnerability can lead to sensitive information disclosure, data modification, or Denial of Service (DoS) when handling HSTS during multiple requests within a single invocation.

What to do if CVE-2023-23914 affected you

If you're affected by the CVE-2023-23914 vulnerability, it's crucial to take action to protect your systems. The best course of action is to update your curl tool to the latest version that includes the fix for this vulnerability. This will help prevent potential disclosure of sensitive information, data modification, or Denial of Service (DoS) attacks.

  1. Check your curl version by running curl --version on the command line.

  2. If your version is between 7.77.0 and 7.88.0, update curl to the latest version.

  3. For NetApp and Splunk Universal Forwarder users, follow the vendor's guidance for updating affected products.

  4. Monitor your systems for any signs of compromise or unusual activity.
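
Steps 1 and 2 can be scripted. The following is an added example, not code from Twingate or the curl project: it parses the first line of a curl --version banner and compares both the tool and the linked libcurl against the ranges stated on this page. The function names and sample banners are constructed for illustration.

```sh
#!/bin/sh
# Added example: check a `curl --version` banner against the ranges this page states.

# ver_num X.Y.Z[-suffix] -> comparable integer (7.88.0 -> 7088000)
ver_num() {
    echo "${1%%-*}" | awk -F. '{ printf "%d\n", $1 * 1000000 + $2 * 1000 + $3 }'
}

# in_range VERSION LOW HIGH -> exit 0 when LOW <= VERSION <= HIGH
in_range() {
    v=$(ver_num "$1")
    [ "$v" -ge "$(ver_num "$2")" ] && [ "$v" -le "$(ver_num "$3")" ]
}

# tool_version / lib_version: pull both versions from the banner's first line.
# The tool and the libcurl it loads can differ, so each is checked separately.
tool_version() { printf '%s\n' "$1" | awk 'NR == 1 && $1 == "curl" { print $2 }'; }
lib_version() {
    printf '%s\n' "$1" | awk 'NR == 1 {
        for (i = 1; i <= NF; i++) if ($i ~ /^libcurl\//) { sub(/^libcurl\//, "", $i); print $i }
    }'
}

# classify BANNER -> "in-range", "not-in-range" or "unknown"
classify() {
    tool=$(tool_version "$1"); lib=$(lib_version "$1")
    if [ -z "$tool" ] || [ -z "$lib" ]; then echo unknown; return 0; fi
    # Ranges as stated on this page: curl 7.77.0-7.88.0, libcurl 7.57.0-7.87.0.
    if in_range "$tool" 7.77.0 7.88.0 || in_range "$lib" 7.57.0 7.87.0; then
        echo in-range
    else
        echo not-in-range
    fi
}

# Constructed sample banners (not captured from a real host).
BANNER_OLD='curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11
Release-Date: 2022-01-05
Features: alt-svc AsynchDNS HSTS HTTP2 IPv6 SSL'
BANNER_MIXED='curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/7.85.0 OpenSSL/3.0.13
Features: alt-svc AsynchDNS HSTS HTTP2 IPv6 SSL'
BANNER_NEW='curl 8.5.0 (x86_64-pc-linux-gnu) libcurl/8.5.0 OpenSSL/3.0.13
Features: alt-svc AsynchDNS HSTS HTTP2 IPv6 SSL'

# On a real host, run: classify "$(curl --version)"
classify "$BANNER_OLD"; classify "$BANNER_MIXED"; classify "$BANNER_NEW"
```

Distribution packages often backport fixes without changing the upstream version number, so an in-range result is a prompt to check the vendor's advisory for that package rather than proof of exposure.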

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-23914 vulnerability, also known as "Cleartext Transmission of Sensitive Information," is not listed in CISA's Known Exploited Vulnerabilities Catalog. To protect your systems, it's essential to update curl to the latest version, which includes a fix for this vulnerability. This will help prevent potential disclosure of sensitive information, data modification, or Denial of Service (DoS) attacks.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-319, which involves cleartext transmission of sensitive information.

Learn More

For a comprehensive understanding of this vulnerability, consult the NVD page or the resources listed below.
