Severity: 9.9 - Critical Severity
Impacket prior to version 0.9.23 is vulnerable to Path Traversal.
Impacket prior to 0.9.23
If the vulnerability is exploited, an attacker could write files to any location on the affected computer. This could be elevated to an RCE in a variety of ways depending on the environment and the operating system.
- For a full and detailed reproduction see: Checkmarx Research Blogpost
Files should only be listed and written to the intended work directory.
This issue was fixed in version 0.9.23 through the commit.
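A sketch of the expected behaviour stated above (client paths confined to the intended work directory), added here as an illustration; it is not Impacket's code and not the change made in the fix commit. `resolve_in_share`, `PathOutsideShareError` and the sample paths are hypothetical names and values constructed for this example.

```python
import os
import tempfile


class PathOutsideShareError(ValueError):
    """A client-supplied path resolved outside the share's work directory."""


def resolve_in_share(share_root, client_path):
    """Return the real path for client_path inside share_root, or raise."""
    if "\x00" in client_path:
        raise PathOutsideShareError("NUL byte in path")
    # SMB clients send backslashes; normalise so "..\" counts on POSIX too.
    relative = client_path.replace("\\", "/").lstrip("/")
    root = os.path.realpath(share_root)
    # realpath collapses ".." and follows symlinks, so the check below runs
    # on the location the OS would actually open.
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        # commonpath compares whole components, so a sibling such as
        # "<root>-backup" does not pass the way a startswith() test would.
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:  # e.g. different drives on Windows
        inside = False
    if not inside:
        raise PathOutsideShareError(client_path)
    return candidate


# Constructed sample paths, not taken from the advisory.
SAMPLES = ["docs\\report.txt", "docs\\..\\notes.txt", "..\\..\\outside.txt",
           "..\\share-backup\\x.txt", "link\\x.txt"]


def demo():
    """Check SAMPLES against a temporary share; return {path: allowed}."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        share = os.path.join(base, "share")
        os.mkdir(share)
        # Symlink inside the share that points outside it.
        os.symlink(base, os.path.join(share, "link"))
        for path in SAMPLES:
            try:
                resolve_in_share(share, path)
                results[path] = True
            except PathOutsideShareError:
                results[path] = False
    return results
```

Open the path the function returns rather than the client's original string, so the file accessed is the one that was checked.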
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
This issue was discovered and reported by Checkmarx Security Researcher Omri Inbar.
- Commit (cae2031)