CVE-2023-30945
📋 TL;DR
This vulnerability allows unauthenticated attackers to read, write, or delete arbitrary files on affected systems due to insufficient filename validation. It affects multiple services including VHS (Video History Server), VCD (Video Clip Distributor), and Clips2. Any organization running these vulnerable services is at risk.
💻 Affected Systems
- VHS (Video History Server)
- VCD (Video Clip Distributor)
- Clips2
📦 What is this software?
Clips2 by Palantir
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via sensitive file reading (credentials, configuration files) or arbitrary file writing (backdoor installation, system destruction).
Likely Case
Data exfiltration of sensitive files, service disruption through file deletion, or limited system access via configuration file manipulation.
If Mitigated
Limited impact if services are isolated, run with minimal privileges, and have strict network access controls.
🎯 Exploit Status
Path traversal/file manipulation vulnerabilities typically have low exploitation complexity once details are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided references
Vendor Advisory: https://palantir.safebase.us/?tcuUid=e62e4dad-b39b-48ba-ba30-7b7c83406ad9
Restart Required: Yes
Instructions:
1. Check vendor advisory for specific patch versions. 2. Apply patches to all affected services. 3. Restart services after patching. 4. Verify patch application.
🔧 Temporary Workarounds
Network Isolation
allRestrict network access to affected services using firewalls or network segmentation
Service Account Hardening
linuxRun services with minimal file system permissions
chmod 750 /path/to/service/directories
chown restricted_user:restricted_group /path/to/service/directories
🧯 If You Can't Patch
- Implement strict network access controls to limit service exposure
- Monitor file system access patterns and implement file integrity monitoring
🔍 How to Verify
Check if Vulnerable:
Check service versions against vendor advisory. Test with controlled path traversal attempts if authorized.Check Version:
Check service documentation for version query commands (varies by service)Verify Fix Applied:
Verify patch version is installed and test that path traversal attempts are properly rejected.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns
- Path traversal strings in request logs
- Failed file access attempts outside expected directories
Network Indicators:
- Unusual file-related requests to affected services
- Requests with '../' patterns in filenames
SIEM Query:
source="service_logs" AND ("../" OR "..\\" OR "%2e%2e%2f")