Cyble Global Sensor Intelligence (CGSI) recently discovered scanning attempts targeting a major security vulnerability known as CVE-2023-49103, which was reported on November 21, 2023, by ownCloud. This vulnerability, which has a CVSS score of 10.0, could expose sensitive information to unauthorized users. CGSI observed that scanning attempts targeted vulnerable ownCloud instances around the world starting from November 23rd.
ownCloud is a popular open-source software product used for file sharing and syncing in distributed and federated enterprise environments. It enables organizations and remote users to collaboratively manage their documents across servers, computers, and mobile devices.
An online scanner recently identified over 20,000 “ownCloud” instances accessible on the internet, making them potential targets for attackers. The top five countries with open instances of ownCloud are listed in Figure 1, which also indicates the presence of multiple honeypots among the exposed instances.
Attackers may exploit critical vulnerabilities like CVE-2023-49103 for large-scale attacks, as seen in recent incidents where ransomware groups took advantage of vulnerabilities for mass exploitation. The exploitation of recently disclosed vulnerabilities remains a significant threat, so the focus here is on addressing the risks associated with the ownCloud vulnerability. Furthermore, a Proof of Concept (PoC) for this vulnerability is available on GitHub and has been discussed among threat actors in numerous instances. The PoC was released on November 22, 2023, and the vulnerability was being actively exploited within days of that release, as captured by CGSI sensors and shown in Figure 3.
The ownCloud vulnerability CVE-2023-49103 poses a critical threat, as exploitation could lead to unauthorized access and the disclosure of sensitive information. It is crucial to take immediate action to patch and secure ownCloud instances to prevent potential exploitation. Additionally, we recommend the following measures to safeguard against these attacks: removal of the vulnerable file from ownCloud, updating sensitive information, employing vulnerability scanning tools, and setting up a patch management process.
The exposure of sensitive information through ownCloud instances is a critical issue that requires immediate attention. It is essential to address these vulnerabilities promptly to prevent potential unauthorized access and the disclosure of valuable data. These measures can help maintain a secure computing environment and protect against potential security weaknesses.