Problem:
When downloading files using the web interface, the name of the file is provided. This is vulnerable to directory traversal using ../, allowing files to be downloaded from the system. Directory Traversal is possible from the web interface allowing Escalation of Privileges, by providing ../ in the file download parameter. You still needed to be logged in to the Dualog Connection Suite software, but it is a problem that you can download almost any file available on the system if you know the exact filename.
Fix:
This was possible due to a misconfiguration of the webserver and is fixed in Connection Suite 3.0.0 and later. Dualog Connection Suite 3.0 was released on December 8, 2020. See Connection Suite 3.0 release notes here.
Source
This vulnerability was found by PenTestPartners (PTP) during a random security testing.
Comments
Article is closed for comments.