TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions

2023-08-2100:00:00

shinnai

www.exploit-db.com

113

tsplus

remote access

file permissions

folder permissions

insecure

manipulate files

malicious user

elevated privileges

vulnerability

exploit

cve-2023-31067

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.4%

JSON

# Exploit Title: TSplus 16.0.2.14 - Remote Access Insecure Files and Folders Permissions
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.2.14
# Tested on: Windows
# CVE : CVE-2023-31067

TSplus Remote Access (v. 16.0.2.14) is an alternative to Citrix and 
Microsoft RDS for remote desktop access and Windows application 
delivery. Web-enable your legacy apps, create SaaS solutions or remotely 
access your centralized corporate tools and files.
The TSplus Remote Access solution comes with an embedded web server to 
allow remote users to easely connect remotely.
However, insecure file and folder permissions are set and this could 
allow a malicious user to manipulate file content (e.g.: changing the 
code of html pages or js scripts) or change legitimate files (e.g. 
Setup-VirtualPrinter-Client.exe) in order to compromise a system or to 
gain elevated privileges.

This is the list of insecure files and folders with their respective 
permissions:
Everyone:(OI)(CF)(F) and Everyone(F)
Permission: Everyone:(OI)(CI)(F)

C:\Program Files (x86)\TSplus\Clients\www
C:\Program Files (x86)\TSplus\Clients\www\addons
C:\Program Files (x86)\TSplus\Clients\www\ConnectionClient
C:\Program Files (x86)\TSplus\Clients\www\downloads
C:\Program Files (x86)\TSplus\Clients\www\prints
C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient
C:\Program Files (x86)\TSplus\Clients\www\software
C:\Program Files (x86)\TSplus\Clients\www\var
C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp
C:\Program Files (x86)\TSplus\Clients\www\downloads\shared
C:\Program Files (x86)\TSplus\Clients\www\software\java
C:\Program Files (x86)\TSplus\Clients\www\software\js
C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres
C:\Program Files (x86)\TSplus\Clients\www\software\html5\locales
C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\topmenu
C:\Program Files (x86)\TSplus\Clients\www\software\html5\imgs\key\parts
C:\Program Files (x86)\TSplus\Clients\www\software\java\img
C:\Program Files (x86)\TSplus\Clients\www\software\java\third
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\cp
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\srv
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\images
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\js
C:\Program Files 
(x86)\TSplus\Clients\www\software\java\third\images\bramus
C:\Program Files 
(x86)\TSplus\Clients\www\software\java\third\js\prototype
C:\Program Files (x86)\TSplus\Clients\www\var\log
C:\Program Files (x86)\TSplus\UserDesktop\themes
C:\Program Files (x86)\TSplus\UserDesktop\themes\BlueBar
C:\Program Files (x86)\TSplus\UserDesktop\themes\Default
C:\Program Files (x86)\TSplus\UserDesktop\themes\GreyBar
C:\Program Files (x86)\TSplus\UserDesktop\themes\Logon
C:\Program Files (x86)\TSplus\UserDesktop\themes\MenuOnTop
C:\Program Files (x86)\TSplus\UserDesktop\themes\Seamless
C:\Program Files (x86)\TSplus\UserDesktop\themes\ThinClient
C:\Program Files (x86)\TSplus\UserDesktop\themes\Vista

------------------------------------------------------------------------------

Permission: Everyone:(F)

C:\Program Files (x86)\TSplus\Clients\www\all.min.css
C:\Program Files (x86)\TSplus\Clients\www\custom.css
C:\Program Files (x86)\TSplus\Clients\www\popins.css
C:\Program Files (x86)\TSplus\Clients\www\robots.txt
C:\Program Files 
(x86)\TSplus\Clients\www\addons\Setup-VirtualPrinter-Client.exe
C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\hb.exe.config
C:\Program Files 
(x86)\TSplus\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
C:\Program Files (x86)\TSplus\Clients\www\cgi-bin\remoteapp\index.html
C:\Program Files (x86)\TSplus\Clients\www\RemoteAppClient\index.html
C:\Program Files (x86)\TSplus\Clients\www\software\common.css
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\jwres\jwwebsockify.jar
C:\Program Files (x86)\TSplus\Clients\www\software\html5\jwres\web.jar
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\own\exitlist.html
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\own\exitupload.html
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\own\getlist.html
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\own\getupload.html
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\own\postupload.html
C:\Program Files 
(x86)\TSplus\Clients\www\software\html5\own\uploaderr.html
C:\Program Files (x86)\TSplus\Clients\www\software\java\index.html
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\index.html
C:\Program Files (x86)\TSplus\Clients\www\software\java\img\port.bin
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\jws.js
C:\Program Files (x86)\TSplus\Clients\www\software\java\third\sha256.js
C:\Program Files 
(x86)\TSplus\Clients\www\software\java\third\js\prototype\prototype.js
C:\Program Files (x86)\TSplus\Clients\www\software\js\jquery.min.js