Lucene search
ShinnaiEDB-ID:51680HistoryAug 21, 2023 - 12:00 a.m.
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders
2023-08-2100:00:00
shinnai
www.exploit-db.com
161
tsplus 16.0.0.0
remote work
insecure files
folders
permissions
cve-2023-31068
windows
deloitte risk advisory italia
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.013
Percentile
86.2%
# Exploit Title: TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Permissions
# Date: 2023-08-09
# Exploit Author: Carlo Di Dato for Deloitte Risk Advisory Italia
# Vendor Homepage: https://tsplus.net/
# Version: Up to 16.0.0.0
# Tested on: Windows
# CVE : CVE-2023-31068
With TSPlus Remote Work (v. 16.0.0.0) you can create a secure single
sign-on web portal and remote desktop gateway that enables users to
remotely access the console session of their office PC.
The solution comes with an embedded web server to allow remote users to
easely connect remotely.
However, insecure file and folder permissions are set, and this could
allow a malicious user to manipulate file content (e.g.: changing the
code of html pages or js scripts) or change legitimate files (e.g.
Setup-RemoteWork-Client.exe) in order to compromise a system or to gain
elevated privileges.
This is the list of insecure files and folders with their respective
permissions:
Permission: Everyone:(OI)(CI)(F)
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\prints
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\downloads\shared
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\js
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\locales
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\html5\own
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\des
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\topmenu
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\imgs\key\parts
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\img
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\software\java\third
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\cp
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\srv
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\images\bramus
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\var\log
-------------------------------------------------------------------------------------------
Permission: Everyone:(F)
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\robots.txt
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\hb.exe.config
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\SessionPrelaunch.Common.dll.config
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\cgi-bin\remoteapp\index.html
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\common.js
C:\Program Files (x86)\TSplus-RemoteWork\Clients\www\download\lang.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\download\Setup-RemoteWork-Client.exe
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\jwwebsockify.jar
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\jwres\web.jar
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitlist.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\html5\own\exitupload.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\index.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\index.html
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\img\port.bin
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\jws.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\sha256.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\java\third\js\prototype\prototype.js
C:\Program Files
(x86)\TSplus-RemoteWork\Clients\www\software\js\jquery.min.jsRelated
nvd
nvd
CVE-2023-31068
2023-09-11 19:15:41
CVE-2023-27133
2023-10-17 16:15:10
prion
prion
Design/Logic Flaw
2023-09-11 19:15:00
Privilege escalation
2023-10-17 16:15:00
vulnrichment
vulnrichment
CVE-2023-31068
2023-09-11 00:00:00
CVE-2023-27133
2023-10-17 00:00:00
zdt
zdt
TSplus 16.0.0.0 - Remote Work Insecure Files and Folders Vulnerability
2023-08-21 00:00:00
cvelist
cvelist
CVE-2023-31068
2023-09-11 00:00:00
CVE-2023-27133
2023-10-17 00:00:00
cve
cve
CVE-2023-31068
2023-09-11 19:15:41
CVE-2023-27133
2023-10-17 16:15:10
packetstorm
packetstorm
TSPlus 16.0.0.0 Insecure Permissions
2023-08-22 00:00:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.8
Confidence
High
EPSS
0.013
Percentile
86.2%
Related for EDB-ID:51680