CVE-2023-3512

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to download arbitrary files from affected systems using relative path traversal in the 'Download file' parameter. It affects Setelsa Security's ConacWin CB version 3.8.2.2 and earlier. Organizations using this software for security management are at risk.

💻 Affected Systems

Products:
  • Setelsa Security ConacWin CB
Versions: 3.8.2.2 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the file download functionality and affects default installations.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through downloading sensitive files like configuration files, passwords, or system files, leading to further attacks.

🟠 Likely Case: Unauthorized access to sensitive configuration data, user credentials, or system information that could facilitate lateral movement.

🟢 If Mitigated: Limited to downloading non-sensitive files if proper file permissions and access controls are implemented.

🌐 Internet-Facing: HIGH if the application is exposed to the internet, as exploitation requires no authentication.
🏢 Internal Only: MEDIUM for internal networks, as attackers would need internal access but exploitation is straightforward.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only manipulating the file download parameter with directory traversal sequences like '../'.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.8.2.3 or later

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-setelsa-security-conacwin

Restart Required: Yes

Instructions:

1. Download the latest version from Setelsa Security.
2. Back up the current configuration.
3. Install the update.
4. Restart the ConacWin CB service.

🔧 Temporary Workarounds

Input Validation Filter (all):

  • Implement input validation to reject directory traversal sequences in file download requests.
  • Implement server-side validation to sanitize file paths before processing.
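The two bullets above describe the check a download handler needs; the following is an added example of what that server-side validation looks like, written for this page and not taken from ConacWin CB or Setelsa Security. It assumes the handler serves files from one base directory and that the web framework has already URL-decoded the 'Download file' parameter once (the value passed in as `requested`); the function name and the base directory are illustrative.

```python
import os


class PathTraversalError(ValueError):
    """Raised when a download request would leave the allowed directory."""


def resolve_download_path(base_dir, requested):
    """Map an untrusted 'Download file' parameter onto a path inside base_dir.

    base_dir  : the only directory the download handler may serve from
    requested : the client-supplied value, already URL-decoded once by the
                framework (do not decode it again here)
    Returns the absolute path to serve, or raises PathTraversalError.
    """
    if not requested or "\x00" in requested:
        raise PathTraversalError("empty or NUL-containing file name")

    # Windows accepts both separators, so treat backslash as a separator
    # before inspecting components; otherwise '..\..\x' slips past the check.
    normalized = requested.replace("\\", "/")

    # Absolute paths and drive-letter paths are never legitimate here.
    if normalized.startswith("/") or (len(normalized) > 1 and normalized[1] == ":"):
        raise PathTraversalError("absolute path not allowed")

    # Strict policy, as the advisory recommends: any '..' component is
    # rejected, even one that would lexically stay inside base_dir.
    components = [c for c in normalized.split("/") if c not in ("", ".")]
    if any(c == ".." for c in components):
        raise PathTraversalError("directory traversal sequence in file name")
    if not components:
        raise PathTraversalError("no file name given")

    # Second, non-lexical check: after symlink resolution the result must
    # still live under base_dir. This is what catches a symlink planted
    # inside the download directory that points elsewhere.
    base_abs = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base_abs, *components))
    if os.path.commonpath([base_abs, candidate]) != base_abs:
        raise PathTraversalError("resolved path escapes base directory")
    return candidate


def is_safe_download_request(base_dir, requested):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        resolve_download_path(base_dir, requested)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed inputs; the base directory is a placeholder, not a real ConacWin path.
    base = "/srv/conacwin/downloads"
    for value in ("reports/today.csv", "../../etc/passwd",
                  "..\\..\\windows\\win.ini", "C:\\Windows\\win.ini", "reports/../x"):
        print(f"{value!r:32} -> {'accept' if is_safe_download_request(base, value) else 'reject'}")
```

The order of the checks matters: the lexical rejection of `..` gives a clear error before anything touches the filesystem, and the `realpath` containment check is the backstop for cases the lexical rule cannot see. Decoding the parameter a second time inside this function would reopen the door to double-encoded sequences, which is why the lead-in insists on exactly one decode, done by the framework.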

Network Segmentation (all):

  • Restrict network access to ConacWin CB to only authorized users and systems.
  • Configure firewall rules to limit access to ConacWin CB ports.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit accessible directories.
  • Deploy a web application firewall (WAF) with rules to block path traversal attempts.

🔍 How to Verify

Check if Vulnerable:

Test the file download functionality with path traversal payloads like '../../etc/passwd' or similar Windows paths.

Check Version:

Check the ConacWin CB interface or installation directory for version information.

Verify Fix Applied:

Attempt the same path traversal tests after patching; the downloads that previously succeeded should now be blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file download requests containing '../' sequences
  • Multiple failed download attempts from a single IP

Network Indicators:

  • HTTP requests with path traversal patterns in URL parameters

SIEM Query:

source="conacwin_logs" AND (url="*../*" OR parameter="*../*")
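The SIEM query above only matches a literal `../`, so a URL-encoded (`%2e%2e%2f`), double-encoded (`%252e%252e%252f`) or backslash (`..%5c`) variant would not trigger it. The following added example, written for this page and not part of the original advisory, implements both log indicators over constructed web-server log lines: it decodes each request parameter (twice, to cover double encoding), flags any traversal component, and counts failed download responses per client IP. The log format, the `/conacwin/download` path, the `file` parameter name and the IP addresses (RFC 5737 documentation range) are all assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample log lines (not real ConacWin CB logs; format is assumed):
# "<date> <time> <client_ip> <method> <request_uri> <status>"
SAMPLE_LOG = """\
2023-07-05 10:12:01 192.0.2.10 GET /conacwin/download?file=reports/2023-07.csv 200
2023-07-05 10:12:09 192.0.2.10 GET /conacwin/download?file=reports/2023-06.csv 200
2023-07-05 10:15:33 192.0.2.77 GET /conacwin/download?file=../../windows/win.ini 200
2023-07-05 10:15:41 192.0.2.77 GET /conacwin/download?file=..%2F..%2Fconfig%2Fapp.ini 404
2023-07-05 10:15:52 192.0.2.77 GET /conacwin/download?file=..%252F..%252Fboot.ini 404
2023-07-05 10:16:03 192.0.2.77 GET /conacwin/download?file=..%5c..%5cusers.db 404
2023-07-05 10:20:00 192.0.2.23 GET /conacwin/download?file=exports/export.zip 200
"""

LOG_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+) (\d{3})$")
# A '..' that stands alone as a path component, with either separator.
TRAVERSAL_RE = re.compile(r"(^|[/\\])\.\.([/\\]|$)")
DOWNLOAD_PATH = "/conacwin/download"   # assumed endpoint name


def decode_param(value, rounds=2):
    """Percent-decode up to `rounds` times so double encoding is uncovered."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal_attempt(request_uri):
    """True if the path or any query parameter contains a '..' component."""
    parts = urlsplit(request_uri)
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    candidates = [parts.path] + [v for values in params.values() for v in values]
    return any(TRAVERSAL_RE.search(decode_param(c)) for c in candidates)


def scan_logs(lines, failed_threshold=3):
    """Apply both log indicators from the advisory.

    Returns {"alerts": [per-request traversal hits], "noisy_ips": [IPs with
    at least failed_threshold failed download responses]}.
    """
    alerts = []
    failed_by_ip = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line; skip rather than crash the scan
        ts, ip, method, uri, status = m.groups()
        if is_traversal_attempt(uri):
            alerts.append({"time": ts, "ip": ip, "uri": uri, "status": int(status)})
        if uri.startswith(DOWNLOAD_PATH) and status[0] in "45":
            failed_by_ip[ip] = failed_by_ip.get(ip, 0) + 1
    noisy_ips = sorted(ip for ip, n in failed_by_ip.items() if n >= failed_threshold)
    return {"alerts": alerts, "noisy_ips": noisy_ips}


if __name__ == "__main__":
    result = scan_logs(SAMPLE_LOG.splitlines())
    for a in result["alerts"]:
        print(f"TRAVERSAL {a['time']} {a['ip']} {a['status']} {a['uri']}")
    print("IPs over failure threshold:", result["noisy_ips"])
```

Note that the first traversal request in the sample returns 200, so a rule that only counts failures would miss the one that actually succeeded; the per-request pattern match and the per-IP failure count are complementary, not alternatives.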

🔗 References
