ConacWin CB, versions 18.104.22.168 and earlier.
INCIBE has coordinated the publication of a vulnerability affecting Setelsa Security ConacWin CB, an access control platform. The vulnerability was discovered by Agustín Picazo (Black Giraffe).
The vulnerability has been assigned the code CVE-2023-3512, with the following scoring and classification:
- CVSS v3.1 base score: 7.5.
- CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
- Vulnerability type: CWE-23: Relative Path Traversal.
Setelsa Security has released version 22.214.171.124, which resolves the reported vulnerability.
CVE-2023-3512: relative path traversal vulnerability in Setelsa Security's ConacWin CB, the exploitation of which could allow an attacker to download arbitrary files from the system via the "Download file" parameter.