CVE-2024-5433 Information

Description

The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous unauthenticated access (allowed by default) by an attacker to files and directories outside of the webserver root directory they should be restricted to.

Reference

https://www.cisa.gov/news-events/ics-advisories/icsa-24-149-01