CVE-2024-5433
Published: May 28, 2024
Modified: Aug 1, 2024
Description
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.
| Vendor | Product | Versions |
|---|---|---|
Campbell Scientific | CSI Web Server and RTMC | affected CSI Web Server 1.6affected RTMC 5.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now