CVE-2023-47251 - OpenCVE

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
M-privacy	Mprivacy-tools Tightgatevnc

Configuration 1 [-]

OR	cpe:2.3:a:m-privacy:mprivacy-tools::::::::
	cpe:2.3:a:m-privacy:tightgatevnc::::::::

No data.

References

Link	Providers
http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html
http://seclists.org/fulldisclosure/2023/Nov/13
https://sec-consult.com/en/vulnerability-lab/advisories/index.html
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/
https://www.m-privacy.de/en/tightgate-pro-safe-surfing/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-11-22T00:00:00

Updated: 2024-08-02T21:09:35.925Z

Reserved: 2023-11-04T00:00:00

Link: CVE-2023-47251

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-22T18:15:08.930

Modified: 2023-11-30T20:49:57.593

Link: CVE-2023-47251

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-47251", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T21:09:35.925Z", "dateReserved": "2023-11-04T00:00:00", "datePublished": "2023-11-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-28T17:06:26.884619"}, "descriptions": [{"lang": "en", "value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"}, {"url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/"}, {"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/"}, {"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Nov/13"}, {"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:09:35.925Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", "tags": ["x_transferred"]}, {"url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/", "tags": ["x_transferred"]}, {"url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/", "tags": ["x_transferred"]}, {"name": "20231127 SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Nov/13"}, {"url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:m-privacy:mprivacy-tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C0366BD-EE82-49FD-9EE8-120930841307", "versionEndExcluding": "2.0.406g", "vulnerable": true}, {"criteria": "cpe:2.3:a:m-privacy:tightgatevnc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8C3B7A9-F7EA-490E-8DD4-E2D0E3F3634D", "versionEndExcluding": "4.1.2-1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers (with access to a VNC session) to automatically transfer malicious PDF documents by moving them into the .spool directory, and then sending a signal to the VNC service, which automatically transfers them to the connected VNC client's filesystem."}, {"lang": "es", "value": "En mprivacy-tools anterior a 2.0.406g en m-privacy TightGate-Pro Server, un Directory Traversal en la funci\u00f3n de impresi\u00f3n del servicio VNC permite a atacantes autenticados (con acceso a una sesi\u00f3n de VNC) transferir autom\u00e1ticamente documentos PDF maliciosos movi\u00e9ndolos al directorio .spool y luego env\u00eda una se\u00f1al al servicio VNC, que los transfiere autom\u00e1ticamente al sistema de archivos del cliente VNC conectado."}], "id": "CVE-2023-47251", "lastModified": "2023-11-30T20:49:57.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T18:15:08.930", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/175949/m-privacy-TightGate-Pro-Code-Execution-Insecure-Permissions.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Nov/13"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-m-privacy-tightgate-pro/"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://www.m-privacy.de/en/tightgate-pro-safe-surfing/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}