CVE-2023-5938

Path traversal via 'zip slip' in Arc before v1.6.0

Severity Score

8.9
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks.



An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files extracted to arbitrary filesystem locations. Leveraging this issue, an attacker may be able to overwrite arbitrary files on the target filesystem and cause critical impacts on the system (e.g., arbitrary command execution on the victim’s machine).

*Credits: This issue was found by Gabriele Quagliarella of Nozomi Networks Security Research team during an internal penetration testing session.
CVSS Scores
Attack Vector: Network
Attack Complexity: High
Attack Requirements: Present
Privileges Required: High
User Interaction: None
System: Vulnerable | Subsequent
Confidentiality: High | High
Integrity: High | High
Availability: High | High

Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
* Common Vulnerability Scoring System
SSVC
  • Decision: Track
Exploitation: None
Automatable: No
Tech. Impact: Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-11-02 CVE Reserved
  • 2024-05-15 CVE Published
  • 2024-05-16 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
  • CAPEC-139: Relative Path Traversal
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Nozomi Networks | Arc | < 1.6.0 | en | Affected