PTC Vuforia Studio Path Traversal
CVE-2023-29502

4.3MEDIUM

Key Information:

Vendor

PTC

Status
Vuforia Studio
Vendor
CVE Published:
7 June 2023

What is CVE-2023-29502?

Before importing a project into Vuforia, a user could modify the “resourceDirectory” attribute in the appConfig.json file to be a different path.

Affected Version(s)

Vuforia Studio 0 < 9.9

References

https://https://www.cisa.gov/news-events/ics-advisories/i...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lockheed Martin—Red Team reported these vulnerabilities to PTC.
.