PT-2023-4580 · Iagona · Iagona Scrutisweb

Jorian Van Den Hout +2 · Published 2023-07-18 · Updated 2023-08-16 · CVE-2023-33871

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Iagona ScrutisWeb versions 2.1.37 and prior

Description

The issue is caused by improper limitation of a pathname to a restricted directory (path traversal). Exploitation may allow a remote attacker to directly access arbitrary files outside the webroot. Researchers found several flaws in the ScrutisWeb ATM fleet monitoring software that can expose ATMs to hacking.

Recommendations

For Iagona ScrutisWeb versions 2.1.37 and prior, update to a version later than 2.1.37 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories outside the webroot to minimize the risk of exploitation.

Related Identifiers

BDU:2023-04987
CVE-2023-33871

Affected Products

Iagona Scrutisweb