NetVision Information airPASS - Path Traversal

Vulnerability

NetVision airPASS version 2.9.0.200703 contains a path traversal vulnerability in a specific URL parameter. An unauthenticated remote attacker can exploit this flaw to bypass authentication and read arbitrary files from the server's filesystem [1].

Exploitation

The attacker does not require any prior authentication or user interaction. By sending a crafted HTTP request with path traversal sequences (e.g., ../) in the vulnerable parameter, the attacker can navigate outside the intended web root directory and access any file on the system [1].

Impact

Successful exploitation allows the attacker to download arbitrary system files, leading to unauthorized information disclosure. The confidentiality of sensitive data is compromised, while integrity and availability are not directly affected [1].

Mitigation

The vendor has released version 2.9.0.231006 which fixes the vulnerability. Users should update to this version immediately. No workarounds are documented, and the vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].