Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN57224029/ | Third Party Advisory |
https://www.dos-osaka.co.jp/news/2023/03/230301.html | Vendor Advisory |
https://jvn.jp/en/jp/JVN57224029/ | Third Party Advisory |
https://www.dos-osaka.co.jp/news/2023/03/230301.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:44
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN57224029/ - Third Party Advisory | |
References | () https://www.dos-osaka.co.jp/news/2023/03/230301.html - Vendor Advisory |
Information
Published : 2023-03-06 00:15
Updated : 2024-11-21 07:44
NVD link : CVE-2023-22336
Mitre link : CVE-2023-22336
CVE.ORG link : CVE-2023-22336
JSON object : View
Products Affected
dos-osaka
- ss1
- rakuraku_pc_cloud_agent
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')