CVE-2023-3701 CRITICAL

CVE-2023-3701: Relative path traversal in Aqua eSolutions

Vendor Aqua Esolutions

Product Aqua Drive

Weakness CWE-23

Published October 4, 2023

Last update September 19, 2024

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.

Key dates

02Disclosure timeline

October 4, 2023 CVE published

September 19, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3701

Related vulnerabilities

CVE-2023-3701: Relative path traversal in Aqua eSolutions

01Description

02Disclosure timeline

03References

04Related CVE