PT-2024-1175 · Nexo-Os · Nexo-Os

Andrea Palanca

Published

2024-01-08

Updated

2024-01-16

CVE-2023-48242

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions NEXO-OS (affected versions not specified)

Description The issue allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. This is due to incorrect restriction of the path name to a directory with limited access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2024-00502

CVE-2023-48242

Affected Products

Nexo-Os

PT-2024-1175 · Nexo-Os · Nexo-Os

CVE-2023-48242

Weakness Enumeration

Related Identifiers

Affected Products

References · 9