Relative path traversal in Setelsa Security ConacWin CB

Posted date 13/07/2023

Importance

4 - High

Affected Resources

ConacWin CB, versions 3.8.2.2 and earlier.

Description

INCIBE has coordinated the publication of a vulnerability affecting Setelsa Security ConacWin CB, an access control platform, which has been discovered by Agustín Picazo (Black Giraffe).

The following code has been assigned to this vulnerability:

CVE-2023-3512:

CVSS v3.1 base score: 7.5.
CVSS vector string: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Vulnerability type: CWE-23: Relative Path Traversal.

Solution

Setelsa Security has released version 3.8.2.3, which resolves the reported vulnerability.

Detail

CVE-2023-3512: relative path traversal vulnerability in Setelsa Security's ConacWin CB, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

References list

Product sheet - ConacWin CB

Etiquetas

0day
Update
CNA
Vulnerability