CVE-2024-5433

Vulnerability Description

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.

Related Weaknesses (CWE)

References

• https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01
• https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01

FAQ

What is CVE-2024-5433?

CVE-2024-5433 is a documented vulnerability. The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerabili...

How severe is CVE-2024-5433?

CVSS scoring is not yet available for CVE-2024-5433. Check NVD for updates.

Is there a patch for CVE-2024-5433?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.