CVE-2023-3701 — CRITICAL (9.9)

Vulnerability Description

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.

CVSS Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Aquaesolutions	Aqua Drive	2.4

Related Weaknesses (CWE)

CWE-22 CWE-23

References

https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-aqua-Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/relative-path-traversal-aqua-Third Party Advisory

FAQ

What is CVE-2023-3701?

CVE-2023-3701 is a vulnerability with a CVSS score of 9.9 (CRITICAL). Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of...

How severe is CVE-2023-3701?

CVE-2023-3701 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-3701?

Check the references section above for vendor advisories and patch information. Affected products include: Aquaesolutions Aqua Drive.