CVE-2024-5433

NONE

Risk Signal Score0/100 — NIEDRIG

EPSS-Score

Exploit-Wahrscheinlichkeit (30 Tage)

Beschreibung

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.

Referenzen

https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01
https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01