Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543.
References
Link | Resource |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-23-1058/ | Third Party Advisory VDB Entry |
https://www.zerodayinitiative.com/advisories/ZDI-23-1058/ | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 08:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.zerodayinitiative.com/advisories/ZDI-23-1058/ - Third Party Advisory, VDB Entry |
29 Dec 2023, 17:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.zerodayinitiative.com/advisories/ZDI-23-1058/ - Third Party Advisory, VDB Entry | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
CPE | cpe:2.3:a:softing:edgeaggregator:3.4.0:*:*:*:*:*:*:* |
20 Dec 2023, 13:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-19 22:15
Updated : 2024-11-21 08:12
NVD link : CVE-2023-38126
Mitre link : CVE-2023-38126
CVE.ORG link : CVE-2023-38126
JSON object : View
Products Affected
softing
- edgeaggregator
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')