Arbitrary File-Write Vulnerability in On-Premise cnMaestro

Arbitrary File-Write Vulnerability in On-Premise cnMaestro

CVE-2022-1359 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server.

Learn more about our Cis Benchmark Audit For Server Software.