CVE-2023-38126
HIGHSofting edgeAggregator - Authenticated Remote Code Execution via Backup Zip File Path Traversal
Title source: llmDescription
Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of backup zip files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this to execute code in the context of root. Was ZDI-CAN-20543.
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry x_research-advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1058/
Scores
CVSS v3
7.2
EPSS
0.6861
EPSS Percentile
99.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
softing/edgeaggregator
3.4.0
Published
Dec 19, 2023
Tracked Since
Feb 18, 2026