Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2023-28725
Modified
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-22 Mar, 2023 | 00:15
Updated At-26 Feb, 2025 | 17:15

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Secondary3.19.1CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPE Matches
generalbytes
generalbytes
>>crypto_application_server>>20230120
cpe:2.3:a:generalbytes:crypto_application_server:20230120:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Primarynvd@nist.gov
CWE-434Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-434
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-434
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/cve@mitre.org
Press/Media Coverage
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023cve@mitre.org
Exploit
Vendor Advisory
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CAScve@mitre.org
Mitigation
https://twitter.com/generalbytes/status/1637192687160897537cve@mitre.org
Issue Tracking
https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-millioncve@mitre.org
Third Party Advisory
https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/cve@mitre.org
Press/Media Coverage
https://www.generalbytes.com/en/support/changelogcve@mitre.org
Release Notes
https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023af854a3a-2127-422b-91ae-364da2661108
Exploit
Vendor Advisory
https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CASaf854a3a-2127-422b-91ae-364da2661108
Mitigation
https://twitter.com/generalbytes/status/1637192687160897537af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-millionaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/af854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
https://www.generalbytes.com/en/support/changelogaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Hyperlink: https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
Source: cve@mitre.org
Resource:
Press/Media Coverage
Hyperlink: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023
Source: cve@mitre.org
Resource:
Exploit
Vendor Advisory
Hyperlink: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CAS
Source: cve@mitre.org
Resource:
Mitigation
Hyperlink: https://twitter.com/generalbytes/status/1637192687160897537
Source: cve@mitre.org
Resource:
Issue Tracking
Hyperlink: https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/
Source: cve@mitre.org
Resource:
Press/Media Coverage
Hyperlink: https://www.generalbytes.com/en/support/changelog
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory
Hyperlink: https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CAS
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mitigation
Hyperlink: https://twitter.com/generalbytes/status/1637192687160897537
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Hyperlink: https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Press/Media Coverage
Hyperlink: https://www.generalbytes.com/en/support/changelog
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Change History
0Changes found
Details not found