1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Campbell Scientific
- Equipment: CSI Web Server
- Vulnerabilities: Path Traversal, Weak Encoding for Password
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to download files and decode stored passwords.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Campbell Scientific CSI Web Server and RTMC (Real-Time Monitoring and Control) Pro, which contains the CSI Web Server are affected:
- Campbell Scientific CSI Web Server: Versions 1.6 and prior
- RTMC Pro: Version 5.0 and prior
3.2 Vulnerability Overview
3.2.1 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY (‘PATH TRAVERSAL’) CWE-22
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.
CVE-2024-5433 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
A CVSS v4 score has also been calculated for CVE-2024-5433. A base score of 6.9 has been calculated; the CVSS vector string is (This article has been indexed from All CISA Advisories