CVE-2023-38126
Published 2023-12-19
Priority P2 · 70 · high · CVSS 3.1 base score 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS 68.61% (99.3th percentile)
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability.
The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softing | edgeaggregator | — | — |
| softing | edgeaggregator | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered by the processing of backup zip files: monitor zip uploads to the edgeAggregator restore/configuration endpoint, in particular archives whose entry names contain absolute paths or `..` traversal components.
- Classify as path traversal (CWE-22); detect file writes outside the expected configuration directory that originate from the edgeAggregator process, which runs as root.
- Exploitation requires authenticated, admin-level HTTP access; alert on admin-authenticated POST requests carrying zip/archive payloads to the restore-configuration API of Softing edgeAggregator.
- Successful exploitation yields code execution as root; monitor for unexpected child processes spawned by the edgeAggregator service and for file modifications in sensitive OS paths.
- The CISA advisory (ICSA-24-074-13) flags only low attack complexity and does not mark these vulnerabilities as exploitable remotely, whereas NVD scores the attack vector as Network (AV:N); validate the network reachability of the management interface in your own environment before tuning alert thresholds.
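The flaw described above (a zip entry name used unvalidated in a file write during restore) and the first detection item (flag archives with absolute or traversal entries before they reach the restore handler) share one mechanism, so the following added example covers both. It is illustrative code written for this page, not Softing's restore handler, whose source is not public: `naive_write_targets` models the CWE-22 pattern in the abstract, `flag_entries` is the upload-side check, and `safe_restore` is a hardened extractor. The sample archive is constructed in-line and the destination `/opt/edge/restore` is a hypothetical path.

```python
"""Zip-slip modelling and hardening for a configuration-restore style upload.

Added illustration for this page, not Softing code. The restore directory
and the sample archive are assumptions made for the demonstration.
"""
from __future__ import annotations

import io
import os
import tempfile
import zipfile
from pathlib import Path, PurePosixPath


def build_sample_archive() -> bytes:
    """Constructed sample input (not a real capture): one benign config entry,
    one parent-directory traversal entry and one absolute-path entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/app.json", '{"restored": true}')
        zf.writestr("../../tmp/evil.txt", "planted via traversal")     # zip slip
        zf.writestr("/tmp/evil_abs.txt", "planted via absolute path")  # absolute
    return buf.getvalue()


def entry_violation(name: str) -> str | None:
    """Reason a stored entry name must not be restored, or None if it is clean.
    Works on the raw name inside the archive, before any filesystem resolution."""
    if "\x00" in name:
        return "null byte in name"
    p = PurePosixPath(name)
    # POSIX absolute, UNC/backslash-rooted, or Windows drive-letter names
    if p.is_absolute() or name.startswith("\\") or (len(name) > 1 and name[1] == ":"):
        return "absolute path"
    if ".." in p.parts:
        return "parent-directory traversal"
    return None


def flag_entries(zip_bytes: bytes) -> dict[str, str]:
    """Upload-side check: map every unsafe entry name to the reason it was flagged.
    Run this on a backup zip before it reaches the restore handler."""
    flagged: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            why = entry_violation(name)
            if why is not None:
                flagged[name] = why
    return flagged


def naive_write_targets(zip_bytes: bytes, dest: str) -> list[str]:
    """Model of the flawed pattern (CWE-22): the entry name goes straight into
    os.path.join(dest, name). Nothing is written; the normalised targets are
    returned so the escapes are visible. Note that os.path.join discards dest
    entirely when the entry name is absolute."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [os.path.normpath(os.path.join(dest, n)) for n in zf.namelist()]


def escapes(target: str, dest: str) -> bool:
    """True when target does not lie inside dest."""
    dest_abs = os.path.abspath(dest)
    return os.path.commonpath([dest_abs, os.path.abspath(target)]) != dest_abs


def safe_restore(zip_bytes: bytes, dest: str) -> tuple[list[str], dict[str, str]]:
    """Hardened restore: reject bad names, then re-check the resolved path
    against the destination (this also catches symlinked parents) before any
    write. Returns (written relative paths, {rejected name: reason})."""
    dest_path = Path(dest).resolve()
    written: list[str] = []
    rejected: dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            why = entry_violation(info.filename)
            target = (dest_path / info.filename).resolve()
            if why is None and target != dest_path and dest_path not in target.parents:
                why = "resolves outside destination"
            if why is not None:
                rejected[info.filename] = why
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target.relative_to(dest_path).as_posix())
    return written, rejected


def restore_into_tempdir(zip_bytes: bytes) -> tuple[list[str], dict[str, str], str]:
    """Run safe_restore into a throw-away directory; returns (written, rejected,
    contents of the first written file) so the outcome can be checked without
    touching any real path."""
    with tempfile.TemporaryDirectory() as d:
        written, rejected = safe_restore(zip_bytes, d)
        content = (Path(d) / written[0]).read_text() if written else ""
    return written, rejected, content


if __name__ == "__main__":
    sample = build_sample_archive()
    dest = "/opt/edge/restore"  # hypothetical restore directory
    for name, why in flag_entries(sample).items():
        print(f"FLAG {name!r}: {why}")
    for t in naive_write_targets(sample, dest):
        print(f"{'ESCAPE' if escapes(t, dest) else 'ok    '} {t}")
    print(restore_into_tempdir(sample))
```

Two points the code makes that the description alone does not: an absolute entry name does not merely escape the restore directory, it makes `os.path.join` drop the destination altogether, so a single archive entry can target any path the root-running service can write; and a name check alone is not enough, because a parent directory created or symlinked by an earlier entry can still redirect a later write, which is why `safe_restore` re-checks the resolved path immediately before opening the file. Python's own `ZipFile.extractall` strips absolute and `..` components, but hand-rolled extraction loops and many other zip libraries do not.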
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | 3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
GHSA
GHSA-g46x-xw54-6wm3: Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability
ghsa_unreviewed · 2023-12-20 · CVE-2023-38126 · HIGH · CWE-22
Advisory text: identical to the CVE description above.
CISA ICS
Softing edgeConnector
cisa_ics · 2024-03-14 · CVSS 7.2 · HIGH
ICS Advisory ICSA-24-074-13, released March 14, 2024 (CSAF available)
## 1. EXECUTIVE SUMMARY
- CVSS v3 7.2
- ATTENTION: Low attack complexity
- Vendor: Softing
- Equipment: edgeConnector
- Vulnerabilities: Cleartext Transmission of Sensitive Information, Path Traversal
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could create conditions that may allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Softing edgeConnector are affected:
- Softing edgeConnector: Version 3.60
- Softing edgeAggregator: Version 3.60
## 3.2 Vulnerability Overview
3.2.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-22
The affected p
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.