CVE-2023-29586 - Unspecified vulnerability in Codesector Teracopy 3.9.7
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. This leads to Arbitrary File Read by allowing any user to copy any directory in the system to a directory they control. NOTE: the Supplier disputes this because only admin users can copy arbitrary folders, and because the 143984 reference is about a different concern (unrelated to directory copying) that was fixed in 3.5b.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- https://packetstormsecurity.com/files/143984/TeraCopyService-3.1-Unquoted-Service-Path-Privilege-Escalation.html
- https://securityandstuff.com/posts/teracopy_arbitrary_read/
- https://support.codesector.com/en/articles/10088479-cve-2023-29586
- https://www.youtube.com/watch?v=mrOHtWWFhJI