CVE-2023-6352 - OpenCVE

The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Aquaforest	Tiff Server

Configuration 1 [-]

cpe:2.3:a:aquaforest:tiff_server:4.2.210913:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md	Exploit Third Party Advisory
https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting	Vendor Advisory
https://www.aquaforest.com/blog/tiff-server-security-update	Vendor Advisory
https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf	Product
https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisa-cg

Published: 2023-11-30T18:01:09.116Z

Updated: 2023-11-30T20:53:10.977Z

Reserved: 2023-11-28T02:56:54.701Z

Link: CVE-2023-6352

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-30T18:15:08.963

Modified: 2023-12-11T14:40:41.233

Link: CVE-2023-6352

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-6352", "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725", "state": "PUBLISHED", "assignerShortName": "cisa-cg", "dateReserved": "2023-11-28T02:56:54.701Z", "datePublished": "2023-11-30T18:01:09.116Z", "dateUpdated": "2023-11-30T20:53:10.977Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "TIFF Server", "vendor": "Aquaforest", "versions": [{"lessThanOrEqual": "4.2.210913", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2023-11-30T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.<br></div>"}], "value": "The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9119a7d8-5eab-497f-8521-727c672e3725", "shortName": "cisa-cg", "dateUpdated": "2023-11-30T20:53:10.977Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.aquaforest.com/blog/tiff-server-security-update"}, {"tags": ["product"], "url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"}, {"tags": ["product"], "url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf"}, {"url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"}, {"tags": ["government-resource", "third-party-advisory"], "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"}], "source": {"discovery": "UNKNOWN"}, "title": "Aquaforest TIFF Server default configuration allows access to arbitrary files", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aquaforest:tiff_server:4.2.210913:*:*:*:*:*:*:*", "matchCriteriaId": "D8FEC850-876D-4E93-BB36-53AF2434FBBE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of Aquaforest TIFF Server allows access to arbitrary file paths, subject to any restrictions imposed by Internet Information Services (IIS) or Microsoft Windows. Depending on how a web application uses and configures TIFF Server, a remote attacker may be able to enumerate files or directories, traverse directories, bypass authentication, or access restricted files.\n\n\n"}, {"lang": "es", "value": "La configuraci\u00f3n predeterminada de Aquaforest TIFF Server permite el acceso a rutas de archivos arbitrarias, sujetas a las restricciones impuestas por Internet Information Services (IIS) o Microsoft Windows. Dependiendo de c\u00f3mo una aplicaci\u00f3n web use y configure el servidor TIFF, un atacante remoto puede enumerar archivos o directorios, recorrer directorios, omitir la autenticaci\u00f3n o acceder a archivos restringidos."}], "id": "CVE-2023-6352", "lastModified": "2023-12-11T14:40:41.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}, "published": "2023-11-30T18:15:08.963", "references": [{"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/qwell/disorder-in-the-court/blob/main/README-TylerTechnologies.md"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Vendor Advisory"], "url": "https://www.aquaforest.com/blog/aquaforest-tiff-server-sunsetting"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Vendor Advisory"], "url": "https://www.aquaforest.com/blog/tiff-server-security-update"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Product"], "url": "https://www.aquaforest.com/wp-content/uploads/pdf/ts/TiffServer4.2.pdf"}, {"source": "9119a7d8-5eab-497f-8521-727c672e3725", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/alerts/2023/11/30/multiple-vulnerabilities-affecting-web-based-court-case-and-document-management-systems"}], "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "9119a7d8-5eab-497f-8521-727c672e3725", "type": "Secondary"}]}