PT-2023-7407 · Unknown · Network Configuration Manager

Chudypb

Published

2023-11-01

Updated

2023-11-17

CVE-2023-33226

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Network Configuration Manager (NCM) (affected versions not specified)

Description The issue is related to a Directory Traversal Remote Code Execution vulnerability in the ExportConfigs method of the Network Configuration Manager. This vulnerability allows a low-level user to perform actions with SYSTEM privileges, potentially enabling remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2023-08444

CVE-2023-33226

ZDI-23-1585

Affected Products

Network Configuration Manager

PT-2023-7407 · Unknown · Network Configuration Manager

CVE-2023-33226

Weakness Enumeration

Related Identifiers

Affected Products

References · 12