Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-10379

A vulnerability classified as problematic was found in ESAFENET CDG 5. Affected by this vulnerability is the function actionViewDecyptFile of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument decryptFileId with the input ../../../Windows/System32/drivers/etc/hosts leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The affected function has a typo and is missing an R. The vendor was contacted early about this disclosure but did not respond in any way.

Published

2024-10-25T12:15:02.890

Last Modified

2024-10-30T18:54:15.323

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-24
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	esafenet	cdg	5	Yes

References

https://flowus.cn/share/0b03c61a-76a5-4f45-9ee7-a88e0f21d539?code=G8A6P3 Exploit ([email protected])
https://vuldb.com/?ctiid.281809 Permissions Required ([email protected])
https://vuldb.com/?id.281809 Third Party Advisory ([email protected])
https://vuldb.com/?submit.426087 Third Party Advisory ([email protected])