Headline
CVE-2023-3701: Relative Path Traversal Aqua Esolutions | INCIBE-CERT
Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.
Affected Resources
Aqua Drive, version 2.4.
Description
INCIBE has coordinated the publication of a vulnerability affecting Aqua Drive, which has been discovered by Ander Martínez (Titanium Industrial Security).
The following code has been assigned to this vulnerability:
CVE-2023-3701:
- CVSS v3.1 base score: 9.9.
- CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Vulnerability type: CWE-23: Relative Path Traversal.
Solution
Update to version 2.5.
Detail
CVE-2023-3701: Aqua Drive is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.