The SysAid Zero-Day Vulnerability: CVE-2023-47246 | UpGuard
ID: aff8526c-a1f4-559f-aa9a-98bc47f0f630
STIX ID: report--aff8526c-a1f4-559f-aa9a-98bc47f0f630
Feed Name: UpGuard Blog
SysAid on-premises contains a critical path traversal zero-day (CVE-2023-47246) that is actively exploited by the Lace Tempest threat actor to upload a Tomcat webshell, execute a PowerShell-based loader (TurtleLoader), inject the GraceWire trojan into service executables, run Cobalt Strike, and enable possible data exfiltration and ransomware. SysAid and UpGuard advise an immediate upgrade to version 23.3.36 and comprehensive compromise assessments, alongside IOC and detection guidance.
