CVE-2022-23377

7.5 HIGH

📋 TL;DR

CVE-2022-23377 is an unauthenticated local file inclusion vulnerability in Archeevo document management systems: a crafted file parameter (the CVE description names the value file=~/web.config) makes the server return files it should never serve, starting with its own web.config. All Archeevo installations below version 5.0 are affected. Attackers can exploit this to read sensitive configuration files, including database credentials and application secrets, and use what they find to escalate further.

💻 Affected Systems

Products:
  • Archeevo
Versions: All versions below 5.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations with web interface enabled. The vulnerability is in the file parameter handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise. On an ASP.NET host, web.config typically holds database connection strings and, where configured, the machineKey; with those an attacker can connect to the database directly or forge authentication cookies and ViewState, and any further readable secrets (other configuration files, keys, or OS files such as /etc/passwd if traversal outside the application root is possible) enable lateral movement and data exfiltration.

🟠 Likely Case: Unauthorized read of web.config and other application configuration, exposing database credentials, application secrets and system information.

🟢 If Mitigated: Limited impact where the web application's service account can read only the files it needs, sensitive configuration sections are encrypted so a disclosed file yields ciphertext, and network segmentation keeps leaked credentials from being usable elsewhere.

🌐 Internet-Facing: HIGH - Directly exploitable via the web interface without authentication in default configurations.
🏢 Internal Only: MEDIUM - No credentials are required, so anyone who can reach the web interface (a compromised workstation, a contractor VLAN, an attacker with an initial foothold) can exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is a single unauthenticated HTTP GET with a crafted file parameter (the CVE description names file=~/web.config). Public exploit code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.0 and above

Vendor Advisory: https://www.archeevo.com/security-advisories

Restart Required: Yes

Instructions:

1. Back up the current installation and data.
2. Download Archeevo version 5.0 or later from the official vendor.
3. Follow the vendor upgrade documentation.
4. Restart application services.
5. Verify the upgrade completed successfully.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement strict input validation on the file parameter: reject any value containing a path traversal sequence or a tilde-rooted path, and prefer an allowlist of permitted names, directories and extensions over a blocklist. A blocklist that matches only the literal '../' or '~/' is bypassed by percent-encoded (%2e%2e%2f, %7e%2f), double-encoded (%252e) and backslash (..\) spellings.

Apply this in application code, or, where Archeevo is hosted on IIS, with Request Filtering (denyQueryStringSequences under system.webServer/security/requestFiltering in web.config), which rejects matching query strings before they reach the application.

Web Application Firewall Rules (platform: all)

Block requests whose file parameter contains path traversal patterns.

WAF rule: block requests with 'file=~/' or '../' patterns, together with their encoded forms (%7e, %2e%2e, ..%2f, ..\); match against the URL-decoded query string where the WAF supports it, and re-test the rule with each spelling.
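The two workarounds above, side by side, as an added example that is not Archeevo's code: a denylist check written exactly as the rule states it (reject raw values containing '../' or '~/'), next to a canonicalising allowlist check that decodes the value, refuses tilde-rooted and backslash paths, resolves it under a serving directory and requires an allowed extension. APP_ROOT, SERVE_DIR and ALLOWED_EXT are hypothetical values for illustration; the comparison shows which inputs each check lets through.

```python
"""Added example, not Archeevo's code: a denylist check on the file parameter
next to a canonicalising allowlist check, run over the same inputs.
APP_ROOT, SERVE_DIR and ALLOWED_EXT are hypothetical."""
import posixpath
from typing import Optional
from urllib.parse import unquote

APP_ROOT = "/srv/archeevo"                          # hypothetical application root
SERVE_DIR = posixpath.join(APP_ROOT, "downloads")   # hypothetical directory the endpoint may serve from
ALLOWED_EXT = {".pdf", ".jpg", ".png", ".txt"}      # hypothetical allowlist of servable file types


def denylist_allows(raw_param: str) -> bool:
    """The workaround as literally stated: drop requests whose raw value contains
    '../' or '~/'. Returns True when the request would get through."""
    return "../" not in raw_param and "~/" not in raw_param


def resolve_safely(raw_param: str) -> Optional[str]:
    """Allowlist check: decode, reject tilde-rooted and backslash paths, resolve
    against SERVE_DIR and require the result to stay inside it with a permitted
    extension. Returns the absolute path to serve, or None to refuse."""
    decoded = unquote(unquote(raw_param))           # twice: catches %252e-style double encoding
    if decoded.startswith("~") or "\\" in decoded or "\x00" in decoded:
        return None                                 # '~/' is the ASP.NET app-root prefix; never honour it here
    candidate = posixpath.normpath(posixpath.join(SERVE_DIR, decoded))
    if posixpath.commonpath([candidate, SERVE_DIR]) != SERVE_DIR:
        return None                                 # escaped the serving directory
    if posixpath.splitext(candidate)[1].lower() not in ALLOWED_EXT:
        return None                                 # web.config and similar are never servable
    return candidate


def compare(raw_param: str) -> dict:
    """Both checks for one request value."""
    return {"denylist_allows": denylist_allows(raw_param), "resolved": resolve_safely(raw_param)}


if __name__ == "__main__":
    for p in ["report.pdf", "~/web.config", "%7e/web.config", "..%2f..%2fweb.config",
              "..\\..\\web.config", "%252e%252e/web.config", "web.config"]:
        print(f"{p!r:28} -> {compare(p)}")
```

Run as a script, the table shows the denylist stopping only the two literal spellings while the allowlist refuses every variant of web.config and still serves report.pdf. The path logic uses posixpath so it behaves the same on any host; on a Windows server the backslash rejection is what keeps `..\` from traversing.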

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Archeevo servers from sensitive systems
  • Apply strict file system permissions so the web application's service account can read only the files it needs
  • Encrypt the sensitive sections of web.config (connection strings, machineKey) with ASP.NET protected configuration, so a disclosed file yields ciphertext rather than usable credentials

🔍 How to Verify

Check if Vulnerable:

Request http://target/archeevo/path?file=~/web.config (replace path with the file-serving endpoint) and inspect the response. A vulnerable host returns the XML contents of web.config, recognisable by a <configuration> root and usually <connectionStrings> or <appSettings> sections; a fixed host returns an error or an empty response.

Check Version:

Check Archeevo admin interface or version.txt file in installation directory

Verify Fix Applied:

Attempt the same request after patching; it should return an error or sanitized output. If you relied on a filter or WAF workaround rather than the upgrade, also re-test with the encoded spellings (%7e/web.config, ~%2fweb.config, ..%2f..%2fweb.config), since a rule that only matches the literal '~/' or '../' passes them through.
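The checks above as a small script, added here and not part of the advisory or vendor material: it builds the literal probe from the CVE description plus the encoded spellings a filter might miss, sends them against a base URL you supply (the endpoint path is a placeholder you must replace), and classifies each response by whether it looks like an ASP.NET configuration file and whether that file carries connection strings or a machineKey. Nothing is sent unless it is run as a script.

```python
"""Added example, not from the advisory or the vendor: build the probe requests
for the verification check and classify what comes back. The endpoint path is a
placeholder; nothing is sent unless run as a script with a target argument."""
import sys
import urllib.error
import urllib.request

# The literal vector from the CVE description, then spellings that a filter matching
# only '~/' or '../' would let through. A fix should refuse all of them.
PROBE_VALUES = [
    "~/web.config",
    "%7e/web.config",
    "~%2fweb.config",
    "..%2f..%2fweb.config",
]
# Markers of the material that makes a disclosed web.config dangerous.
SECRET_MARKERS = ("<connectionStrings", "<machineKey", "connectionString=")


def build_probe_urls(base_url: str) -> list:
    """Append each probe value as the file query parameter without re-encoding,
    so the exact bytes above reach the server."""
    return [f"{base_url}?file={value}" for value in PROBE_VALUES]


def classify_response(status: int, body: str) -> str:
    """'vulnerable-secrets' / 'vulnerable' when the body is an ASP.NET config file,
    'blocked' for a 4xx/5xx status, 'no-disclosure' for anything else."""
    if status >= 400:
        return "blocked"
    if status == 200 and "<configuration" in body:
        return "vulnerable-secrets" if any(m in body for m in SECRET_MARKERS) else "vulnerable"
    return "no-disclosure"


def probe(base_url: str, timeout: float = 10.0) -> dict:
    """Send every probe and map URL -> verdict."""
    verdicts = {}
    for url in build_probe_urls(base_url):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                status, body = resp.status, resp.read(65536).decode("utf-8", "replace")
        except urllib.error.HTTPError as err:      # 4xx/5xx: the server answered, so classify it
            status, body = err.code, ""
        except urllib.error.URLError:              # connection-level failure
            verdicts[url] = "unreachable"
            continue
        verdicts[url] = classify_response(status, body)
    return verdicts


if __name__ == "__main__":
    # python probe.py http://target/archeevo/path   (replace 'path' with the file-serving endpoint)
    for url, verdict in probe(sys.argv[1]).items():
        print(f"{verdict:20} {url}")
```

Any verdict other than "blocked" or "no-disclosure" on any of the four URLs means the host is still exploitable; a patched 5.0 installation should give the same refusal for all of them.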

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing 'file=~/' or 'file=../' in the query string, including the percent-encoded forms file=%7e, file=%2e%2e and file=..%2f
  • 200 OK responses to such requests (a 403 or 404 indicates the request was blocked; a 200 means the file was most likely returned)
  • Several such requests from one client address in a short interval, typically from scripting user agents

Network Indicators:

  • Unusual file access patterns via the web interface
  • Requests naming known sensitive files such as web.config, passwd or shadow in the file parameter

SIEM Query:

source="web_logs" AND (uri_query="*file=~/*" OR uri_query="*file=../*" OR uri_query="*file=%7e*" OR uri_query="*file=%2e%2e*" OR uri_query="*file=..%2f*")

Run the match against the URL-decoded query string if your platform stores one; otherwise the encoded spellings above are needed, since a query that matches only the literal '~/' and '../' misses the variants attackers try first after a filter is deployed.
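The detection logic above as runnable code, an added example rather than anything from the advisory: it parses IIS-style W3C log lines (a constructed sample with hypothetical endpoint, server and client addresses), URL-decodes the file parameter before matching so that percent-encoded spellings are caught, and reports which suspicious requests returned 200 and from which client.

```python
"""Added example (not from the advisory): run the detection logic over IIS W3C
log lines. SAMPLE_LOG is constructed; the endpoint path, server and client
addresses are hypothetical."""
import re
from urllib.parse import parse_qs, unquote

# Field order of the constructed sample, as an IIS '#Fields:' line would declare it.
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port "
          "cs-username c-ip cs(User-Agent) sc-status").split()

SAMPLE_LOG = """\
2022-01-20 10:00:01 10.0.0.5 GET /archeevo/download file=report.pdf 443 - 203.0.113.7 Mozilla/5.0 200
2022-01-20 10:00:07 10.0.0.5 GET /archeevo/download file=~/web.config 443 - 198.51.100.23 python-requests/2.27 200
2022-01-20 10:00:09 10.0.0.5 GET /archeevo/download file=%7e%2fweb.config 443 - 198.51.100.23 python-requests/2.27 200
2022-01-20 10:00:12 10.0.0.5 GET /archeevo/download file=..%2f..%2fweb.config 443 - 198.51.100.23 curl/7.81 200
2022-01-20 10:00:15 10.0.0.5 GET /archeevo/download file=~/web.config 443 - 192.0.2.9 curl/7.81 403
"""

# '..' as a path component with '/' or '\' separators, or a value rooted at '~/' (the ASP.NET app root).
TRAVERSAL = re.compile(r"(^|[/\\])\.\.([/\\]|$)|^~[/\\]")
# File names worth alerting on even without a traversal sequence.
SENSITIVE = re.compile(r"(web\.config|/etc/passwd|/etc/shadow)$", re.IGNORECASE)


def suspicious_file_values(query: str):
    """Yield decoded values of the file parameter that look like traversal or a sensitive target."""
    for value in parse_qs(query, keep_blank_values=True).get("file", []):
        decoded = unquote(value)   # parse_qs decoded once; a second pass catches %25 double-encoding
        if TRAVERSAL.search(decoded) or SENSITIVE.search(decoded):
            yield decoded


def scan(log_text: str) -> list:
    """One alert per suspicious request. 'succeeded' is True when the server answered 200,
    i.e. the file was most likely returned rather than blocked."""
    alerts = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(" ")
        if len(parts) != len(FIELDS):
            continue               # not the layout we declared; skip rather than mis-parse
        rec = dict(zip(FIELDS, parts))
        for decoded in suspicious_file_values(rec["cs-uri-query"]):
            alerts.append({
                "time": f'{rec["date"]} {rec["time"]}',
                "client": rec["c-ip"],
                "file": decoded,
                "status": int(rec["sc-status"]),
                "succeeded": rec["sc-status"] == "200",
            })
    return alerts


def successful_reads_by_client(alerts: list) -> dict:
    """Count successful (200) suspicious reads per client address."""
    counts = {}
    for a in alerts:
        if a["succeeded"]:
            counts[a["client"]] = counts.get(a["client"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for a in found:
        print(a)
    print(successful_reads_by_client(found))
```

On the sample, the plain-text SIEM query would have flagged only the two literal `~/web.config` lines; decoding first also surfaces the `%7e%2f` and `..%2f..%2f` requests, and the per-client count makes the one address that pulled web.config three times the obvious place to start the investigation.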
