CVE-2015-5952

9.8 CRITICAL

📋 TL;DR

This is a directory traversal vulnerability in Thomson Reuters for FATCA software that allows remote attackers to execute arbitrary files by manipulating the 'item' parameter. It affects all versions before 5.2, potentially enabling complete system compromise. Organizations using vulnerable versions of this tax compliance software are at risk.

💻 Affected Systems

Products:
  • Thomson Reuters for FATCA
Versions: All versions before 5.2
Operating Systems: Windows (primary deployment platform)
Default Config Vulnerable: ⚠️ Yes
Notes: This is a web application vulnerability, so the underlying OS may vary but Windows is the typical deployment platform for this software.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case: Arbitrary file execution allowing attackers to read sensitive files, modify configurations, or deploy malware.

🟢 If Mitigated: Limited impact with proper network segmentation, file system permissions, and input validation controls in place.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and has a CVSS score of 9.8.
🏢 Internal Only: HIGH - Even if not internet-facing, internal attackers or compromised systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit via path traversal in the item parameter, and public disclosure includes technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2 or later

Vendor Advisory: http://seclists.org/fulldisclosure/2015/Aug/24

Restart Required: Yes

Instructions:

1. Contact Thomson Reuters support for version 5.2 or later.
2. Back up the current configuration and data.
3. Install the updated version following vendor instructions.
4. Restart the application service.
5. Verify the fix is applied.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement web application firewall rules or input validation to block directory traversal sequences in the item parameter.

WAF rule: block requests containing '../' or '..\' in the item parameter

File System Restrictions

Platform: windows

Restrict application permissions to only necessary directories and implement strict file system access controls.

Windows: icacls "C:\Program Files\FATCA" /deny Everyone:(OI)(CI)(DE,DC)

🧯 If You Can't Patch

  • Isolate the FATCA system in a segmented network zone with strict firewall rules limiting access.
  • Implement application-level input validation to sanitize the item parameter and block traversal attempts.

🔍 How to Verify

Check if Vulnerable:

Check the application version in the admin interface or configuration files. If version is below 5.2, the system is vulnerable.

Check Version:

Check application configuration files or admin panel for version information.

Verify Fix Applied:

After patching, verify the version is 5.2 or higher and test that directory traversal attempts in the item parameter are blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with '../' or '..\' sequences in the item parameter
  • Unusual file access patterns from the FATCA application

Network Indicators:

  • HTTP requests with path traversal payloads to the FATCA application endpoint

SIEM Query:

source="FATCA_logs" AND (item="*../*" OR item="*..\\*")
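The SIEM query above and the WAF rule in the workarounds section only match a literal '../' or '..\'. The following is an added example, not part of this advisory or of the vendor's software, that scans web-server log lines for the same indicator after URL-decoding the item parameter, so single- and double-encoded forms are flagged too. The log format, the /fatca/view path and the client addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# '..' followed by a forward or back slash, checked after decoding.
_TRAVERSAL = re.compile(r"\.\.[\\/]")
# Request target out of a Common Log Format line.
_REQUEST = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (the /fatca/view endpoint is an assumption).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2015:10:01:02 +0000] "GET /fatca/view?item=report2015.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [12/Aug/2015:10:01:07 +0000] "GET /fatca/view?item=../../windows/win.ini HTTP/1.1" 200 412
10.0.0.9 - - [12/Aug/2015:10:01:09 +0000] "GET /fatca/view?item=..%5C..%5Cboot.ini HTTP/1.1" 404 0
10.0.0.9 - - [12/Aug/2015:10:01:11 +0000] "GET /fatca/view?item=%252e%252e%252fweb.config HTTP/1.1" 200 900
10.0.0.7 - - [12/Aug/2015:10:01:15 +0000] "GET /fatca/view?item=notes..txt HTTP/1.1" 200 77
"""


def decode_fully(value, max_rounds=3):
    """URL-decode until the value stops changing, so double encoding is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def item_has_traversal(target):
    """True if any 'item' value in the request target contains '../' or '..\\' once decoded."""
    query = urlsplit(target).query
    # parse_qs already decodes one layer; decode_fully handles the rest.
    for raw in parse_qs(query, keep_blank_values=True).get("item", []):
        if _TRAVERSAL.search(decode_fully(raw)):
            return True
    return False


def scan_log(text):
    """Return (client_ip, request_target) for every line whose item parameter looks like traversal."""
    hits = []
    for line in text.splitlines():
        match = _REQUEST.search(line)
        if match and item_has_traversal(match.group("target")):
            hits.append((line.split(" ", 1)[0], match.group("target")))
    return hits


if __name__ == "__main__":
    for ip, target in scan_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

The last sample line ('notes..txt') is deliberately not flagged: a bare '..' without a path separator is not a traversal sequence, and alerting on it would add noise.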
