Intrusion Preventionvm2.Sandbox.Error.prepareStackTrace.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution vulnerability in vm2 sandbox.
This vulnerability is due to improper handling of error stack trace. A remote attacker could exploit this vulnerability by sending a crafted message to the target system. Successfully exploiting this vulnerability could result in remote code execution.
Outbreak Alert
vm2 is a sandbox solution that can run untrusted code with whitelisted Node's built-in modules. Exploiting the flaws, threat actors can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox.
Affected Products
vm2 Before version 3.9.17
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://github.com/patriksimek/vm2/releases
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2023-04-19 | 23.537 | Sig Added |
| 2023-04-12 | 23.534 | Sig Added |
| 2023-04-11 | 23.532 | Name:vm2. Sandbox. CVE-2022-36067. Remote. Code. Execution:vm2. Sandbox. Error. prepareStackTrace. Remote. Code. Execution |
| 2022-11-17 | 22.442 | Sig Added |
| 2022-11-07 | 22.433 | Default_action:pass:drop |
| 2022-10-25 | 22.421 |
| ID | 52237 |
| Created | Oct 17, 2022 |
| Updated | Apr 19, 2023 |
| Outbreak Alert | VM2 Sandbox Escape |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2023-29017 CVE-2023-30547 CVE-2023-29199 CVE-2022-36067 |
| Exploit Prediction Score | 2.31% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |