04 Oct 2023
Vulnerability CVE-2023-3512
Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. (CVSS:7.5) (Last Update:2023-10-04 11:15:10)
Vulnerability Details :
Vulnerability category: Directory traversal
Published 2023-10-04 11:15:10
Updated 2023-10-04 11:15:10
Exploit prediction scoring system (EPSS) score for CVE-2023-3512
We don't have an EPSS score for this CVE yet.
CVSS scores for CVE-2023-3512
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | [email protected] |
CWE ids for CVE-2023-3512
- The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. Assigned by: [email protected] (Secondary)