Unauthorized File Access via InspectSetup RPC Endpoint

Unauthorized File Access via InspectSetup RPC Endpoint

CVE-2023-2622 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.

Learn more about our Web Application Penetration Testing UK.