216.73.216.67

CVE-2024-5433

· Published 28/05/2024 19:15 · Modified 28/05/2024 19:15

Labels: CVE-2024-5433 2024-05-28CVE-2024-5433CWE-22[email protected]

Essential information

Published
28/05/2024 19:15
Modified
28/05/2024 19:15
Author
Creator
CISA KEV
No
CWE

Description

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References