CVE-2023-6407

CWE-22 — Path Traversal4 documents4 sources

Severity

7.1HIGH

EPSS

0.1%

top 82.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Schneider-electric Easy UPS Online Monitoring Software Schneider Electric Easy UPS Online Monitoring Software

Timeline

PublishedDec 14

Description

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion upon service restart when accessed by a local and low-privileged attacker.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.0 | Impact: 4.2

Affected Packages2 packages

▶NVDschneider-electric/easy_ups_online_monitoring_software< 2.6-ga-01-23248

▶CVEListV5schneider_electric/easy_ups_online_monitoring_software2.6-GA-01-23116 and prior (Windows 10, 11, Windows Server 2016, 2019, 2022)

🔴Vulnerability Details

GHSA

GHSA-94j2-x7q3-948j: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion↗2023-12-14

▶

CVEList

CVE-2023-6407: A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file deletion↗2023-12-14

▶

OSV

libx11 vulnerabilities↗2023-10-10

▶