Relative path traversal in Aqua eSolutions

Posted date 17/07/2023
Importance
5 - Critical
Affected Resources

Aqua Drive, version 2.4.

Description

INCIBE has coordinated the publication of a vulnerability affecting Aqua Drive, which has been discovered by Ander Martínez (Titanium Industrial Security).

The following code has been assigned to this vulnerability:

CVE-2023-3701:

  • CVSS v3.1 base score: 9.9.
  • CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Vulnerability type: CWE-23: Relative Path Traversal.

Solution

Update to version 2.5.

Detail

CVE-2023-3701: Aqua Drive is vulnerable to relative path traversal. By exploiting this vulnerability, an authenticated non-privileged user could access or modify the stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.
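
The weakness class described above (CWE-23), shown as an added illustration that is not Aqua Drive code and not part of the advisory: a per-user file store that joins a client-supplied relative path without confining it, next to a resolver that canonicalises the path and rejects anything outside the authenticated user's root. The directory layout, user names, file contents and function names are constructed for the example.

```python
import os
import tempfile

# Constructed layout (hypothetical, not Aqua Drive's real structure):
#   <base>/storage/<user>/...    per-user files
#   <base>/config/platform.conf  platform configuration

def build_demo_tree():
    base = os.path.realpath(tempfile.mkdtemp(prefix="drive-demo-"))
    for rel, body in [("storage/alice/notes.txt", "alice data"),
                      ("storage/bob/private.txt", "bob data"),
                      ("config/platform.conf", "db_password=constructed")]:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return base

def naive_resolve(base, user, requested):
    # Flawed: trusts the client-supplied relative path, so "../" segments
    # walk out of the caller's own directory.
    return os.path.normpath(os.path.join(base, "storage", user, requested))

def safe_resolve(base, user, requested):
    # Canonicalise first (collapses "..", follows symlinks), then require the
    # result to stay inside the authenticated user's root. commonpath compares
    # whole path components, so a sibling such as "alice2" does not pass.
    root = os.path.realpath(os.path.join(base, "storage", user))
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"path escapes user root: {requested!r}")
    return target

def is_allowed(base, user, requested):
    try:
        safe_resolve(base, user, requested)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    base = build_demo_tree()
    for req in ["notes.txt", "../bob/private.txt", "../../config/platform.conf"]:
        verdict = "allowed" if is_allowed(base, "alice", req) else "rejected"
        print(f"{req!r}: {verdict}")
```

Rejections from a check like this are worth logging with the authenticated user and the raw requested path, since repeated escapes from one account are a useful detection signal.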