Vulnerability Report

CVE-2023-41993

CISA KEV Active

Title: Netapp Cloud Insights Acquisition Unit

Other

Proof Of Concept

PoC Available for CVE-2023-41993

CWE Category CWE-754
Published Date Sep 21, 2023
Modified Date Nov 05, 2025
Exploit Status Available
Score 8.8 CVSS v3.1
Exploit Probability (EPSS)
24.17%

Vulnerability Summary

CVE-2023-41993: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Impacted Vendors

N
netapp 5
H
hp 2
W
webkitgtk 1
W
webkit 1
S
sun 2
O
oracle 3

Reference Links

https://security.gentoo.org/glsa/202401-33 https://security.netapp.com/advisory/ntap-20240426-0004/ https://support.apple.com/en-us/HT213940 https://security.gentoo.org/glsa/202401-33 https://security.netapp.com/advisory/ntap-20240426-0004/ https://support.apple.com/en-us/HT213940 https://support.apple.com/kb/HT213926 https://support.apple.com/kb/HT213930 https://webkitgtk.org/security/WSA-2023-0009.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-41993
CVSS v3.1
Source Entity [email protected]
Severity HIGH
8.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v3.1
Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0
Severity HIGH
8.8
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-41993 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/po6ix/POC-for-CVE-2023-41993
View Code
GitHub https://github.com/hrtowii/cve-2023-41993-test
View Code
GitHub https://github.com/0x06060606/CVE-2023-41993
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction REQUIRED
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.