QuFirewall Path Traversal Vulnerability Could Expose Sensitive Data
CVE-2023-41291
5.5MEDIUM
Summary
A path traversal vulnerability has been identified in QuFirewall, which may allow authenticated administrators to access and read contents from unexpected files. This could potentially lead to the exposure of sensitive data over the network, increasing the risk of unauthorized information access. To protect against this vulnerability, users are strongly advised to update to QuFirewall version 2.4.1 or later, where this issue has been resolved.
Affected Version(s)
QuFirewall 2.4.x < 2.4.1 ( 2024/02/01 )
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
lebr0nli (Alan Li), working with DEVCORE Internship Program