
TSPlus 16.0.0.0 Insecure Permissions

22 Aug 2023 00:00:00 | Reported by Carlo Di Dato | Type: packetstorm | Source: packetstormsecurity.com

TSPlus 16.0.0.0 Insecure Permissions allows malicious users to manipulate files and compromise systems

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Vulnerability | 21 Aug 2023 00:00 | zdt |
| ATTACKERKB | CVE-2023-31068 | 11 Sep 2023 19:15 | attackerkb |
| ATTACKERKB | CVE-2023-27133 | 17 Oct 2023 16:15 | attackerkb |
| Circl | CVE-2023-31068 | 11 Sep 2023 22:27 | circl |
| CNNVD | TSplus security vulnerability | 21 Aug 2023 00:00 | cnnvd |
| CVE | CVE-2023-31068 | 11 Sep 2023 00:00 | cve |
| Cvelist | CVE-2023-31068 | 11 Sep 2023 00:00 | cvelist |
| Exploit DB | TSplus 16.0.0.0 - Remote Work Insecure Files and Folders | 21 Aug 2023 00:00 | exploitdb |
| EUVD | EUVD-2023-35397 | 3 Oct 2025 20:07 | euvd |
| NVD | CVE-2023-31068 | 11 Sep 2023 19:15 | nvd |

Code

`# Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions  
# Date: 2023-08-09  
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia  
# Vendor Homepage: https://tsplus.net/  
# Version: Up to 16.0.0.0  
# Tested on: Windows  
# CVE : CVE-2023-31068  
  
With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single   
sign-on web portal and remote desktop gateway that enables users to   
remotely access the console session of their office PC.  
The solution comes with an embedded web server to allow remote users to   
connect easily.  
However, insecure file and folder permissions are set, and this could   
allow a malicious user to manipulate file content (e.g. changing the   
code of HTML pages or JS scripts) or change legitimate files (e.g.   
Setup-RemoteWork-Client.exe) in order to compromise a system or to gain   
elevated privileges.  
  
This is the list of insecure files and folders with their respective   
permissions:  
  
Permission: Everyone:(OI)(CI)(F)  
  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\prints  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\shared  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\locales  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\des  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenu  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\parts  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\cp  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\srv  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\images  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramus  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log  
  
-------------------------------------------------------------------------------------------  
  
Permission: Everyone:(F)  
  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txt  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.config  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.html  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exe  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jar  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jar  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.html  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.html  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\index.html  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.html  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.bin  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.js  
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.js  
  
`
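
To check a host for the ACL pattern listed in the advisory, the output of `icacls <dir> /T` can be parsed and filtered for write access granted to broad trustees. This is an added example, not part of the original advisory or of TSplus; the set of broad trustees, the `C:\ExampleApp` path and the sample ACLs are constructed assumptions.

```python
import re

# Trustees covering every local or authenticated account (assumed audit scope).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
# icacls rights that allow changing or replacing content (simple and specific).
WRITE = {"F", "M", "W", "WD", "AD", "GA", "GW"}
ACE = re.compile(r"^(?P<trustee>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(text):
    """Yield (path, trustee, flags) for each ACE in `icacls <dir> /T` output."""
    for record in re.split(r"\n\s*\n", text.strip("\n")):
        lines = [l.rstrip() for l in record.splitlines() if l.strip()]
        if not lines or lines[0].startswith("Successfully processed"):
            continue
        if len(lines) > 1:
            # Further ACEs are indented to the column where the first ACE starts.
            col = len(lines[1]) - len(lines[1].lstrip())
        else:
            # Single ACE: assume its trustee contains no space (e.g. Everyone).
            col = lines[0].rfind(" ") + 1
        path = lines[0][:col].rstrip()
        for ace in [lines[0][col:]] + [l.strip() for l in lines[1:]]:
            m = ACE.match(ace)
            if m:
                yield path, m["trustee"], re.findall(r"\(([^)]*)\)", m["flags"])

def findings(text):
    """Return (path, trustee, ace) where a broad trustee is allowed to write."""
    out = []
    for path, trustee, flags in parse_icacls(text):
        if trustee.lower() in BROAD and "DENY" not in flags:
            if set(flags[-1].split(",")) & WRITE:
                out.append((path, trustee, "".join(f"({f})" for f in flags)))
    return out

def render(path, aces):
    """Lay out constructed sample ACEs the way icacls aligns them."""
    return path + " " + ("\n" + " " * (len(path) + 1)).join(aces)

WWW = r"C:\Program Files (x86)\TSplus-RemoteWork\Clients\www"
SAMPLE = "\n\n".join([  # constructed input, not captured from a real host
    render(WWW, ["Everyone:(OI)(CI)(F)", r"BUILTIN\Users:(I)(OI)(CI)(RX)"]),
    render(WWW + r"\download\Setup-RemoteWork-Client.exe", ["Everyone:(F)"]),
    render(r"C:\ExampleApp\readme.txt",  # hypothetical hardened file
           [r"BUILTIN\Administrators:(F)", r"BUILTIN\Users:(RX)"]),
    "Successfully processed 3 files; Failed processing 0 files"])

if __name__ == "__main__":
    for path, trustee, ace in findings(SAMPLE):
        print(f"{trustee}:{ace}  {path}")
```

An `(OI)(CI)` entry on a folder is inherited by files and subfolders created beneath it, so a finding on a directory also covers new content under that directory.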
