CVE-2023-33871

7.5 HIGH

📋 TL;DR

CVE-2023-33871 is a directory traversal vulnerability in Iagona ScrutisWeb that allows unauthenticated attackers to access files outside the webroot directory. This affects versions 2.1.37 and earlier of the software, potentially exposing sensitive configuration files, credentials, or system data.

💻 Affected Systems

Products:
  • Iagona ScrutisWeb
Versions: 2.1.37 and prior
Operating Systems: Not specified
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with affected versions are vulnerable by default. The vulnerability requires no authentication.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could retrieve sensitive system files, configuration data, or credentials, leading to complete system compromise, data exfiltration, or lateral movement within the network.

🟠 Likely Case

Unauthenticated attackers access configuration files, logs, or other sensitive data stored outside the webroot, potentially enabling further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation, web application firewalls, and file permission restrictions in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities typically have low exploitation complexity and can be exploited with simple HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.1.38 or later

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-03

Restart Required: Yes

Instructions:

1. Download the latest version from Iagona.
2. Back up the current installation.
3. Install the updated version.
4. Restart the ScrutisWeb service.
5. Verify the update was successful.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to ScrutisWeb to trusted networks only

Web Application Firewall

all

Implement WAF rules to block directory traversal patterns

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy a web application firewall with directory traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check the ScrutisWeb version in the application interface or configuration files. If the version is 2.1.37 or earlier, the system is vulnerable.

Check Version:

Check the application web interface or configuration files for version information

Verify Fix Applied:

Verify the version has been updated to 2.1.38 or later and test that directory traversal attempts are properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' or similar traversal patterns
  • Access to files outside expected webroot directories
  • Unauthenticated requests to sensitive file paths

Network Indicators:

  • HTTP requests with directory traversal sequences in URLs or parameters
  • Unusual file access patterns from external IPs

SIEM Query:

source="scrutisweb" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")
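As an added example (not part of the original advisory or the vendor's tooling), the detection logic above run over a few constructed access-log lines in common log format. It generalizes the literal SIEM patterns by percent-decoding the request target repeatedly (so mixed-case and double-encoded sequences collapse to `..`) and normalizing backslashes before matching, which the three fixed wildcards in the query would miss; the log format, IPs and file names are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines in common log format; not from any real deployment.
SAMPLE_LOGS = [
    '203.0.113.5 - - [12/Jul/2023:10:00:01 +0000] "GET /ScrutisWeb/index.html HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Jul/2023:10:00:02 +0000] "GET /ScrutisWeb/../../example.conf HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/Jul/2023:10:00:03 +0000] "GET /ScrutisWeb/download?file=..%2F..%2Fexample.conf HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/Jul/2023:10:00:04 +0000] "GET /ScrutisWeb/download?file=%252e%252e%255cexample.conf HTTP/1.1" 200 2048',
    '203.0.113.11 - - [12/Jul/2023:10:00:05 +0000] "GET /ScrutisWeb/styles/..x/main.css HTTP/1.1" 404 0',
]

# Common log format: ip ident user [timestamp] "METHOD target protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." segment that is a whole path component (preceded by a separator, '=' or '?',
# followed by '/' or end of string). "..x/" or "..." are not traversal.
TRAVERSAL_RE = re.compile(r'(?<![\w.])\.\.(?=/|$)')


def normalize(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), then unify '\\' to '/'.
    This collapses single- and double-encoded sequences such as %2e%2e%2f or %252e%252e%255c."""
    prev, cur = None, target
    for _ in range(max_rounds):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace('\\', '/')


def has_traversal(target: str) -> bool:
    """True if the decoded request target contains a directory traversal segment."""
    return TRAVERSAL_RE.search(normalize(target)) is not None


def scan(lines):
    """Return one record per log line whose request target contains traversal.
    The status is kept so analysts can prioritize 2xx hits, where a read likely succeeded."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and has_traversal(m['target']):
            hits.append({'ip': m['ip'], 'target': m['target'], 'status': int(m['status'])})
    return hits


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOGS):
        print(hit)
```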
