CVE-2023-4171

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 5, 2023

Updated: May 17, 2024

CWE ID 552

Summary

CVE-2023-4171 is a newly disclosed vulnerability in the Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue lies within the unknown code of the file "Service\FileDownload.ashx" and involves a path traversal vulnerability. The manipulation of the argument "Files" allows attackers to traverse directories and gain unauthorized access, which can be exploited remotely. The exploit for this vulnerability is publicly available, increasing the risk for potential attacks. VDB-236206 is the identifier assigned to this susceptibility.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zscaler Proxy

Affected Vendors

Zscaler

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sD__iH
https://www.cve.org/CVERecord?id=CVE-2023-4171
https://nvd.nist.gov/vuln/detail/CVE-2023-4171

Back to Vulnerability Database