CVE-2023-27055
Description
Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A directory traversal vulnerability in Aver PTZApp2 allows remote attackers to read arbitrary files via a crafted GET request.
Vulnerability
A directory traversal vulnerability exists in Aver Information Inc.'s PTZApp2, a web application that runs on localhost and is used to control AVer USB cameras. Versions prior to update 2.0.1051.53, including v20.01044.48, are affected. The vulnerability stems from insufficient filtering and validation of user-supplied input in GET requests, which allows path traversal sequences to reach files outside the intended directory [1].
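The class of flaw described above, shown as an added example that is not PTZApp2 code (the page does not show the vendor's implementation): a file resolver that joins the request path to the web root unchecked, beside a hardened one that decodes once, treats both separators alike, and verifies containment. The function names, the `www/static` root and the request paths are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def resolve_naive(web_root, request_path):
    """Flawed pattern: decoded request path is joined to the root unchecked."""
    return os.path.normpath(os.path.join(web_root, unquote(request_path).lstrip("/")))

def resolve_safe(web_root, request_path):
    """Return the real path inside web_root, or None if the request escapes it."""
    decoded = unquote(request_path)  # decode exactly once, before validating
    # Windows accepts '\' as well as '/', so normalise before splitting.
    segments = decoded.replace("\\", "/").split("/")
    if any(s == ".." or ":" in s or "\x00" in s for s in segments):
        return None  # traversal segment, drive letter / stream, or NUL byte
    root = os.path.realpath(web_root)
    parts = [s for s in segments if s not in ("", ".")]
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Final containment check after symlinks are resolved.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Run constructed request paths through both resolvers."""
    samples = ["/index.html", "/../../secret.txt", "/..%5c..%5csecret.txt",
               "/%2e%2e/%2e%2e/secret.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(os.path.join(tmp, "www", "static"))
        os.makedirs(root)
        results = {}
        for req in samples:
            naive = resolve_naive(root, req)
            naive_escapes = os.path.commonpath([root, naive]) != root
            results[req] = (naive_escapes, resolve_safe(root, req) is not None)
        return results

if __name__ == "__main__":
    for req, (escapes, allowed) in demo().items():
        print(f"{req!r}: naive escapes root={escapes}, safe allows={allowed}")
```

The backslash form only escapes the naive resolver on Windows, where `\` is a path separator; the hardened resolver rejects it on every platform.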
Exploitation
An attacker can exploit this vulnerability by sending a crafted GET request to the web application. No authentication is required. The attacker can use path traversal sequences (e.g., '../' or '..\\') to navigate the filesystem. A proof-of-concept script demonstrates reading the HOSTS file, but other sensitive files can be targeted [1].
Impact
Successful exploitation allows an attacker to read arbitrary files on the system, including sensitive configuration files, public and private keys of the web application server, and other confidential data. This leads to information disclosure, potentially compromising further security measures [1].
Mitigation
Aver has released an update (version 2.0.1051.53) that fixes this vulnerability. Users should upgrade to this version or later. There is no workaround provided for unpatched versions [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Aver Information Inc/PTZApp2
- Range: =20.01044.48
Patches
No patches discovered yet.