Allegra saveFile Directory Traversal Remote Code Execution Vulnerability
CVE-2023-52333

7.3HIGH

Key Information:

Vendor: Allegra
Status: Allegra
Vendor: CVE Published:; 22 November 2024

What is CVE-2023-52333?

A directory traversal vulnerability has been identified within the saveFile method of Allegra. This flaw arises from insufficient validation of user-supplied paths, allowing attackers with valid authentication to manipulate file operations. By exploiting this vulnerability, a remote attacker can execute arbitrary code with the privileges of the LOCAL SERVICE account. This poses significant security risks as it may lead to unauthorized operations on affected systems.

Affected Version(s)

Allegra 7.5.0 build 29

References

https://www.zerodayinitiative.com/advisories/ZDI-24-104/

x_research-advisory

https://www.trackplus.com/en/service/release-notes-reader...

vendor-advisory

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Jan 11, 2024

CVE-2023-52333 Data

JSON