CVE-2020-25068

7.5 HIGH

📋 TL;DR

CVE-2020-25068 is a local file inclusion vulnerability in Setelsa Conacwin access control software that allows remote unauthenticated attackers to read internal server files via directory traversal. This affects version 3.7.1.2, though the vendor disputes this version's existence and claims the issue was fixed in 2017.

💻 Affected Systems

Products:
  • Setelsa Conacwin
Versions: v3.7.1.2 (vendor disputes this version exists)
Operating Systems: Windows (based on product documentation)
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor claims affected version doesn't exist and issue was fixed in 2017. Actual vulnerable versions may differ from CVE description.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attackers could read sensitive files such as configuration files, passwords, or system files, potentially leading to full system compromise.

🟠 Likely Case: Unauthenticated attackers read application configuration files containing credentials or other sensitive data.

🟢 If Mitigated: Limited impact, with proper network segmentation and file system permissions restricting access to sensitive files.

🌐 Internet-Facing: HIGH - Remote unauthenticated exploitation allows attackers to read internal files without authentication.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this, but network segmentation reduces exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on GitHub. The attack is a simple directory traversal requiring minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 2017 (vendor claims fix applied in 2017)

Vendor Advisory: http://setelsa-security.es/productos/control-de-acceso/

Restart Required: Yes

Instructions:

1. Contact Setelsa for latest version.
2. Verify current version.
3. Upgrade to version after 2017.
4. Restart application services.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to Conacwin web interface to trusted networks only

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port port="PORT" protocol="tcp" accept'
netsh advfirewall firewall add rule name="Conacwin" dir=in action=allow protocol=TCP localport=PORT remoteip=TRUSTED_NETWORK

Web Server Configuration

all

Configure web server to reject directory traversal patterns

# Apache: deny any request whose path contains ".."
<LocationMatch "\.\.">
    Require all denied
</LocationMatch>

# Nginx: deny any request whose path contains ".."
location ~ \.\. { deny all; }

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Conacwin from untrusted networks
  • Deploy web application firewall (WAF) with directory traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://IP:PORT/../../windows/win.ini (or equivalent sensitive file) and check if file contents are returned

Check Version:

Check application interface or configuration files for version information

Verify Fix Applied:

Repeat the same directory traversal request after patching; the server should return a 404 or access denied error.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' patterns
  • Unusual file access patterns from web application logs
  • Access to sensitive system files from web user context

Network Indicators:

  • HTTP requests with multiple directory traversal sequences
  • Unusual file downloads from web application port

SIEM Query:

source="web_logs" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")
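
The query above matches only literal strings, so a request that percent-encodes the backslash or double-encodes the dots is not matched. The following is an added example, not part of the original advisory or the vendor's tooling: it decodes each request path before testing for a `..` path segment. The Common Log Format layout and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment, tested only after decoding and slash folding.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')
MAX_DECODE_ROUNDS = 3  # covers repeated percent-encoding such as %252e


def normalise(target: str) -> str:
    """Percent-decode the path repeatedly and fold backslashes to '/'."""
    path = target.split("?", 1)[0]  # path only; query string is not inspected
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def find_traversal(log_lines):
    """Return (client_ip, raw_target, status) for requests with a '..' segment."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        if TRAVERSAL_RE.search(normalise(m.group("target"))):
            hits.append((line.split(" ", 1)[0], m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2021:10:00:05 +0000] "GET /../../windows/win.ini HTTP/1.1" 200 92',
    '198.51.100.7 - - [01/Jan/2021:10:00:06 +0000] "GET /%2e%2e%5c%2e%2e%5cwindows%5cwin.ini HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jan/2021:10:00:09 +0000] "GET /%252e%252e/%252e%252e/windows/win.ini HTTP/1.1" 200 92',
    '192.0.2.10 - - [01/Jan/2021:10:00:12 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, target, status in find_traversal(SAMPLE_LOG):
        # A 200 on a traversal request means content was returned: triage first.
        flag = "RESPONSE RETURNED" if status == 200 else "blocked/not found"
        print(f"{ip} {status} {flag}: {target}")
```

Requests flagged with status 200 are the ones to investigate first, since the server returned content for a traversal path.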
