Directory Traversal Remote Code Execution Vulnerability

(CVE-2023-33226)

Summary

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.

Affected Products

Network Configuration Manager 2023.3.1 and previous versions

Fixed Software Release

Network Configuration Manager 2023.4

Acknowledgments

Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative

Advisory Details

Severity

8.0 High

Advisory ID

CVE-2023-33226

First Published

11/01/2023

Fixed Version

Network Configuration Manager 2023.4

CVSS Score

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H