CVE-2023-27170

7.5 HIGH

📋 TL;DR

CVE-2023-27170 is a directory traversal vulnerability in Xpand IT Write-back manager v2.3.1 that allows attackers to access files outside the intended directory by manipulating the siteName parameter. This affects organizations using the vulnerable version of this software for data management. Attackers can potentially read sensitive files on the server.

💻 Affected Systems

Products:
  • Xpand IT Write-back manager
Versions: v2.3.1
Operating Systems: All platforms running the vulnerable software
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 2.3.1 is confirmed vulnerable. Other versions may also be affected but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading configuration files containing credentials, followed by lateral movement within the network.

🟠 Likely Case

Unauthorized access to sensitive files containing configuration data, credentials, or proprietary information stored on the server.

🟢 If Mitigated

Limited to reading non-sensitive files if proper file permissions and input validation are implemented.

🌐 Internet-Facing: HIGH - Web applications with directory traversal vulnerabilities are prime targets for automated scanning and exploitation.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to access sensitive files, though external attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires simple HTTP parameter manipulation and is easily automated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation to reject siteName parameters containing directory traversal sequences

Implement regex filter: ^[a-zA-Z0-9_-]+$ for siteName parameter

Web Application Firewall Rule

all

Block requests containing directory traversal patterns in parameters

WAF rule to block: ../, ..\, %2e%2e%2f, etc.

🧯 If You Can't Patch

  • Implement strict file permissions to limit accessible directories
  • Deploy network segmentation to isolate the vulnerable system from sensitive data

🔍 How to Verify

Check if Vulnerable:

Test by sending HTTP requests with a siteName parameter containing directory traversal sequences like '../../etc/passwd'

Check Version:

Check application version in admin interface or configuration files

Verify Fix Applied:

Attempt the same traversal attacks and verify they are blocked or return error responses

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with siteName parameter containing '../', '..\', or encoded equivalents
  • Unusual file access patterns from web application

Network Indicators:

  • HTTP traffic with suspicious parameter values attempting directory traversal

SIEM Query:

web.url:*siteName=*..%2f* OR web.url:*siteName=*..%5c*
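
The allow-list workaround and the log indicators above can share one check, shown here as an added example (not vendor code or part of the original advisory). It decodes siteName repeatedly before applying the allow-list, so double-encoded values that a single wildcard query would miss are also flagged. The `/api/sites` path and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Allow-list from the workaround above: letters, digits, underscore, hyphen.
# fullmatch() is used instead of ^...$ because "$" in Python also matches
# just before a trailing newline.
SITE_NAME_OK = re.compile(r"[a-zA-Z0-9_-]+")

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_valid_site_name(value):
    """Server-side check: accept only values the allow-list matches entirely."""
    return SITE_NAME_OK.fullmatch(value) is not None

def suspicious_site_names(urls):
    """Return (url, decoded siteName) for each request failing the allow-list."""
    hits = []
    for url in urls:
        query = urlsplit(url).query
        # parse_qsl removes one encoding layer; fully_decode removes the rest.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == "sitename":
                decoded = fully_decode(value)
                if not is_valid_site_name(decoded):
                    hits.append((url, decoded))
    return hits

# Constructed request URLs as they might appear in a web access log.
SAMPLE_URLS = [
    "/api/sites?siteName=Finance_2023",
    "/api/sites?siteName=..%2f..%2fsecret.cfg",
    "/api/sites?siteName=%252e%252e%255cconf",
    "/api/sites?siteName=sales-eu&view=1",
]

if __name__ == "__main__":
    for url, decoded in suspicious_site_names(SAMPLE_URLS):
        print(f"ALERT siteName={decoded!r} in {url}")
```

The same `is_valid_site_name` check can be applied in a reverse proxy or request filter in front of the application when the application itself cannot be changed.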
