Vulnerability Description: Relative Path Traversal – CWE-23
Software Version: R19.9
NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-41760
CVSSv3: 6.5
Severity: Medium
Credits: Luca Di Giuseppe, Alessandro Bosco, Stefano Scipioni, Massimiliano Brolli
The web server fails to sanitize input data, allowing a remote authenticated attacker to read arbitrary files on the filesystem.
Step-by-step instructions and PoC
By manipulating the GET "filename" parameter, which refers to files, with sequences such as "dot-dot-slash (../)", it is possible to access arbitrary files and directories stored on the filesystem, including application source code, configuration files and critical system files.
Affected Endpoints:
· URL: https://[...]:8443/oms1350/data/cpb/log?filename=
Parameter:
· filename
Below is the evidence.
Detail of the HTTP request/response showing exploitation of the vulnerability.
Security Impact
By exploiting this vulnerability on the web portal, it was possible to read files on the filesystem.
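A server-side check that closes this class of flaw for a parameter like "filename", shown beside the unsafe join it replaces. This is an added Python example, not code from the affected product; the directory layout, file names and function names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a requested filename resolves outside the allowed directory."""


def naive_log_path(log_dir: str, filename: str) -> Path:
    # Unsafe pattern: the request value is joined to the base directory with no
    # containment check, so "../" segments leave log_dir.
    return Path(os.path.normpath(os.path.join(log_dir, filename)))


def safe_log_path(log_dir: str, filename: str) -> Path:
    """Return the canonical path for filename only if it stays inside log_dir."""
    if not filename or "\x00" in filename:
        raise UnsafePathError("empty or NUL-containing filename")
    base = Path(log_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the containment check
    # runs on the path the OS would actually open.
    candidate = (base / filename).resolve()
    if base not in candidate.parents:
        raise UnsafePathError(f"{filename!r} escapes {base}")
    if not candidate.is_file():
        raise UnsafePathError(f"{filename!r} is not a regular file")
    return candidate


def demo() -> dict:
    """Constructed layout: <tmp>/logs/cpb.log plus a sibling <tmp>/secret.conf."""
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp, "logs")
        logs.mkdir()
        (logs / "cpb.log").write_text("ok\n")
        secret = Path(tmp, "secret.conf")
        secret.write_text("password=constructed\n")
        os.symlink(secret, logs / "link.log")  # symlink pointing out of logs/
        cases = {"plain": "cpb.log", "dotdot": "../secret.conf", "symlink": "link.log",
                 "nested": "sub/../../secret.conf", "absolute": str(secret)}
        results = {}
        for label, name in cases.items():
            try:
                safe_log_path(str(logs), name)
                results[label] = "served"
            except UnsafePathError:
                results[label] = "rejected"
        results["naive_escapes"] = naive_log_path(str(logs), "../secret.conf").is_file()
        return results
```

Calling `demo()` returns a verdict per case; only the plain file name inside the log directory is served.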