CVE-2022-23347

7.5 HIGH

📋 TL;DR

CVE-2022-23347 is a directory traversal vulnerability in BigAnt Server that allows attackers to access files outside the intended directory. This affects organizations using BigAnt Server v5.6.06 for collaboration and messaging. Attackers can potentially read sensitive system files through improper path validation.

💻 Affected Systems

Products:
  • BigAnt Server
Versions: v5.6.06
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of BigAnt Server v5.6.06. All deployments of this version are vulnerable unless specifically patched or workarounds are applied.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive configuration files, credentials, or executing arbitrary code via file inclusion.

🟠 Likely Case

Unauthorized access to sensitive files containing configuration data, user information, or system details.

🟢 If Mitigated

Limited impact with proper network segmentation, file system permissions, and input validation in place.

🌐 Internet-Facing: HIGH - Directory traversal vulnerabilities on internet-facing systems allow remote attackers to access sensitive files without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could exploit this to escalate privileges or access sensitive data.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept code is available on GitHub. The exploit requires minimal technical skill as directory traversal attacks are well-documented and easy to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.6.07 or later

Vendor Advisory: https://www.bigantsoft.com/

Restart Required: Yes

Instructions:

1. Download the latest version from the BigAnt Software website.
2. Back up the current configuration and data.
3. Stop the BigAnt Server service.
4. Install the updated version.
5. Restore configuration if needed.
6. Start the service and verify functionality.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Implement web application firewall rules or input validation to block directory traversal sequences like '../' and absolute paths.

# Example WAF rule (ModSecurity syntax) to block directory traversal.
# Inspect the request URI and all arguments, and percent-decode them first
# so an encoded %2e%2e/ is caught as well as a literal ../
SecRule REQUEST_URI|ARGS "\.\./" \
    "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,msg:'Directory Traversal Attempt'"
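The WAF rule above is a perimeter stopgap; the defect itself is improper path validation, and a substring filter for '../' is not enough on its own. The following is an added example written for this advisory, not BigAnt Server code: it places the weak substring check beside a hardened check that resolves the real path and confirms it stays inside the served root. The root directory /opt/bigant/data is an assumed, constructed value.

```python
"""Added example (not BigAnt Server code): path validation that resists
directory traversal.

Shows the weak check that matching on a literal '../' gives, beside a
check that resolves the real path and confirms it stays inside the served
root. The root directory is an assumed, constructed value; nothing here is
taken from BigAnt's installation layout.
"""
import os
from typing import Optional
from urllib.parse import unquote

# Assumed root of the files the server is allowed to hand out (constructed).
SERVED_ROOT = "/opt/bigant/data"


def naive_is_safe(user_path: str) -> bool:
    """Weak filter: rejects only a literal '../' substring.

    Percent-encoded ('%2e%2e/') and backslash ('..\\') forms pass straight
    through, which is why a substring check alone is not a fix.
    """
    return "../" not in user_path


def resolve_within_root(root: str, user_path: str) -> Optional[str]:
    """Return the absolute path if it lies inside ``root``, else None.

    Steps: percent-decode twice (so '%252e' double encoding is unwrapped),
    fold backslashes to slashes, strip leading separators so the join
    cannot turn absolute, then resolve symlinks and '..' with realpath and
    compare against the real root with commonpath, which avoids the
    '/opt/bigant' versus '/opt/bigant2' prefix mistake.
    """
    decoded = unquote(unquote(user_path)).replace("\\", "/")
    relative = decoded.lstrip("/")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, relative))
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


def compare_checks(user_path: str, root: str = SERVED_ROOT) -> dict:
    """Run both checks on one input so the gap between them is visible."""
    return {
        "input": user_path,
        "naive_allows": naive_is_safe(user_path),
        "hardened_allows": resolve_within_root(root, user_path) is not None,
    }


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and three traversal variants.
    for probe in ("reports/2024.txt", "../../etc/passwd",
                  "%2e%2e/%2e%2e/etc/passwd", "..\\..\\win.ini"):
        print(compare_checks(probe))
```

The decisive step is the comparison of resolved paths, not the decoding: even if a new encoding trick slips past the decode, realpath still has to land inside the root before the file is opened.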

File System Permissions

Platform: linux

Restrict BigAnt Server process permissions to only necessary directories using least privilege principles.

# Linux example (assumes an install under /opt/bigant running as user bigant):
# give the service account ownership of its data directory only, and keep the
# install directory readable by owner and group, with no access for other users.
chown -R bigant:bigant /opt/bigant/data
chmod 750 /opt/bigant

🧯 If You Can't Patch

  • Implement network segmentation to isolate BigAnt Server from sensitive systems and limit access to trusted IPs only.
  • Deploy a web application firewall with rules specifically blocking directory traversal patterns and monitor for attack attempts.

🔍 How to Verify

Check if Vulnerable:

Test by attempting to access files outside web root using '../' sequences in URL parameters. Monitor server response for file contents.

Check Version:

Check BigAnt Server administration panel or run: bigant-server --version (Linux) or check installed programs in Windows Control Panel.

Verify Fix Applied:

After patching, repeat the directory traversal tests. The server should return 403 Forbidden or error messages instead of file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' sequences
  • Access to unusual file paths in web logs
  • 403 Forbidden errors followed by successful file access

Network Indicators:

  • Unusual file requests to BigAnt Server
  • Patterns of directory traversal attempts in HTTP traffic

SIEM Query:

source="bigant_logs" AND (url="*../*" OR url="*..\\*" OR (status=200 AND file_extension IN ('.conf', '.ini', '.txt', '.xml')))
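A SIEM wildcard match on '../' misses percent-encoded and double-encoded variants. The following is an added example written for this advisory, not code from BigAnt Server or any SIEM product: it applies the log indicators above to constructed sample access-log lines, decoding each request target twice before matching. The /bigant/files?name= endpoint in the samples is an assumed stand-in, not a documented BigAnt route.

```python
"""Added example (not BigAnt Server or any SIEM product's code): detection
logic for directory traversal attempts, run over constructed log lines.

The sample lines are made up for this advisory and use common log format.
Each request target is percent-decoded twice and backslashes are folded to
slashes before matching, so encoded and double-encoded traversal sequences
are caught, not only a literal '../'.
"""
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access log (common log format); not real BigAnt logs.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /bigant/files?name=report.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /bigant/files?name=../../../../windows/win.ini HTTP/1.1" 200 430
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /bigant/files?name=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1842
10.0.0.9 - - [12/Mar/2024:10:01:11 +0000] "GET /bigant/files?name=%252e%252e/%252e%252e/app.conf HTTP/1.1" 403 0
10.0.0.5 - - [12/Mar/2024:10:02:30 +0000] "GET /bigant/static/logo.png HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# A '..' segment followed by a separator (or end of string), after decoding.
TRAVERSAL_RE = re.compile(r"\.\.(/|$)")
# File types the advisory's SIEM query treats as sensitive when served with 200.
SENSITIVE_SUFFIXES = (".conf", ".ini", ".txt", ".xml", "/etc/passwd")


def normalise_target(target: str) -> str:
    """Decode percent-encoding twice and fold backslashes to slashes."""
    decoded = unquote(unquote(target))
    return decoded.replace("\\", "/")


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one finding per suspicious request, in log order."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        status = int(m.group("status"))
        decoded = normalise_target(m.group("target"))
        traversal = TRAVERSAL_RE.search(decoded) is not None
        sensitive = decoded.split("?")[-1].lower().endswith(SENSITIVE_SUFFIXES)
        if traversal and status == 200:
            severity, reason = "high", "traversal sequence and 200 response"
        elif traversal:
            severity, reason = "medium", f"traversal sequence, status {status}"
        elif sensitive and status == 200:
            severity, reason = "low", "sensitive file type served with 200"
        else:
            continue
        findings.append({"ip": m.group("ip"), "time": m.group("ts"),
                         "decoded": decoded, "status": status,
                         "severity": severity, "reason": reason})
    return findings


def attempts_by_ip(text: str) -> Dict[str, int]:
    """Count traversal findings per source address, for alert thresholds."""
    counts = Counter(f["ip"] for f in scan_log(text)
                     if str(f["reason"]).startswith("traversal"))
    return dict(counts)


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print(attempts_by_ip(SAMPLE_LOG))
```

A 200 response to a traversal request is the finding to triage first, since it indicates the file was served; a 403 on the same pattern is evidence the WAF rule or the patch is doing its job and belongs in a per-source count rather than a page.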

🔗 References
