ChangingTec MegaServiSignAdapter - Path Traversal

Vulnerability

The MegaServiSignAdapter component from ChangingTech (MegaServiSignAdapter Windows version v1.0.17.0823) contains a path traversal vulnerability in its file reading function. The vulnerability arises because user-supplied path parameters are not properly sanitized, allowing directory traversal sequences to escape the intended directory. The affected versions include v1.0.17.0823 and likely earlier releases [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request to the affected file reading function with path traversal sequences (e.g., ../). No prior authentication or user interaction is required. The attacker must be able to reach the service over the network [1].

Impact

Successful exploitation allows the attacker to bypass authentication mechanisms and read arbitrary files on the system. This leads to disclosure of sensitive information such as configuration files, credentials, or other confidential data, resulting in a high confidentiality impact with no impact on integrity or availability [1].

Mitigation

The vendor has released version v1.0.22.1004 which fixes the vulnerability. Users should update to this version immediately. No known workarounds are available for unpatched versions. The vulnerability is not currently listed on the CISA KEV [1].