CVE-2023-3512

Relative path traversal in Setelsa Security ConacWin CB

CVSS 7.5 HIGHEPSS 0.6%CWE-23

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

04 Oct 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Setelsa Security · ConacWin CB

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin