Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Relative path traversal in Setelsa Security ConacWin CB

Posted date 13/07/2023
Identificador
INCIBE-2023-0271
Importance
4 - High
Affected Resources

ConacWin CB, versions 3.8.2.2 and earlier.

Description

INCIBE has coordinated the publication of a vulnerability affecting Setelsa Security ConacWin CB, an access control platform, which has been discovered by Agustín Picazo (Black Giraffe), from Secra Solutions.

The following code has been assigned to this vulnerability:

CVE-2023-3512:

  • CVSS v3.1 base score: 7.5.
  • CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
  • Vulnerability type: CWE-23: Relative Path Traversal.
Solution

Setelsa Security has released version 3.8.2.3, which resolves the reported vulnerability.

Detail

CVE-2023-3512: relative path traversal vulnerability in Setelsa Security's ConacWin CB, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

CVE
Identificador CVE Severidad Explotación Fabricante
References list
Product sheet - ConacWin CB
Etiquetas