CVE-2023-35801
📋 TL;DR
A directory traversal vulnerability in Safe Software FME Server allows authenticated attackers with write privileges to bypass validation when editing network-based resource connections, enabling unauthorized reading and writing of arbitrary files. This affects FME Server versions before 2022.2.5 and FME Flow versions before 2023.0. Organizations using these products for data integration and transformation are at risk.
💻 Affected Systems
- Safe Software FME Server
- Safe Software FME Flow
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through arbitrary file write leading to remote code execution, data exfiltration, or system destruction.
Likely Case
Unauthorized access to sensitive configuration files, credentials, or data, potentially leading to data theft or further privilege escalation.
If Mitigated
Limited impact if proper access controls restrict user privileges and network segmentation isolates vulnerable systems.
🎯 Exploit Status
Exploitation requires authenticated access but directory traversal techniques are well-understood and easy to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: FME Server 2022.2.5 or later, FME Flow 2023.0 or later
Vendor Advisory: https://community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-Vulnerability
Restart Required: Yes
Instructions:
1. Download the patched version from Safe Software downloads portal. 2. Backup current configuration and data. 3. Install the patched version following vendor documentation. 4. Restart FME services.
🔧 Temporary Workarounds
Restrict User Privileges
allLimit write access to network-based resource connections to only essential administrators.
Network Segmentation
allIsolate FME Server/FME Flow instances from sensitive systems and limit network access.
🧯 If You Can't Patch
- Implement strict access controls to limit which users can edit network-based resource connections.
- Deploy file integrity monitoring to detect unauthorized file modifications and implement network segmentation.
🔍 How to Verify
Check if Vulnerable:
Check FME Server/FME Flow version via web interface or configuration files. Versions before 2022.2.5 (FME Server) or 2023.0 (FME Flow) are vulnerable.Check Version:
Check web interface or configuration files for version information. No single command available across all deployments.Verify Fix Applied:
Confirm version is 2022.2.5 or later for FME Server, or 2023.0 or later for FME Flow. Test directory traversal attempts should be blocked.📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in FME logs
- Multiple failed directory traversal attempts
- Unauthorized file modification events
Network Indicators:
- Unusual outbound connections from FME Server to external systems
- Traffic patterns indicating data exfiltration
SIEM Query:
source="fme_server" AND (event="file_access" OR event="directory_traversal")🔗 References
- https://community.safe.com/s/
- https://community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-Vulnerability
- https://downloads.safe.com/fme/2023/whatsnew_server_2023_0_0_3.txt
- https://community.safe.com/s/
- https://community.safe.com/s/article/Known-Issue-FME-Flow-Directory-Traversal-Vulnerability
- https://downloads.safe.com/fme/2023/whatsnew_server_2023_0_0_3.txt
