AIM Path Traversal Vulnerability in Backup Restoration Function
Vulnerability
A path traversal vulnerability has been identified in AIM server version 3.28.0. It allows remote attackers to write arbitrary files to the server's filesystem through the backup restoration process. The root cause is inadequate validation of member paths when the 'restore_run_backup' function extracts tar files: entry names are not confined to the intended restore directory before they are written to disk.
Impact
Exploitation of this vulnerability could lead to unauthorized file writes on the server, potentially allowing overwrites of critical system files or application configurations. Such actions could be used to create backdoors or establish persistence on the affected system.
Reproduction
The vulnerability can be reproduced by sending a crafted tar file to the 'run_instruction' API. The archive contains entries whose paths, when extracted, resolve outside the restore directory and overwrite or create files in sensitive locations on the server. When the 'restore_run_backup' function processes the archive, the missing path check lets those entries be written to the filesystem.
Remediation
Users can update to AIM version 3.29.1, where this vulnerability has been fixed.
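As an added illustration of the check the advisory describes as missing, the routine below validates every tar member against the restore directory before anything is extracted. This is example code written for this page, not AIM's own restore_run_backup implementation; the function names (validate_member, safe_extract, build_tar) and the assumption that backup entries use relative paths are choices made here. It rejects absolute names, '..' components, link targets that leave the destination, and special files, and refuses the whole archive if any entry fails.

```python
import io
import os
import tarfile
import tempfile
from pathlib import Path, PurePosixPath


class UnsafeArchiveMember(ValueError):
    """Raised when an archive member would write outside the restore directory."""


def _inside(dest_root: Path, candidate: Path) -> bool:
    """True if candidate (already resolved) is dest_root or lies beneath it."""
    return candidate == dest_root or dest_root in candidate.parents


def validate_member(member: tarfile.TarInfo, dest_root: Path) -> Path:
    """Check one tar entry against dest_root and return its intended target path.

    Rejects absolute names, '..' components, symlink/hardlink targets that
    leave dest_root, and anything that is not a plain file, directory or link.
    """
    name = member.name
    if name.startswith(("/", "\\")) or ".." in PurePosixPath(name).parts:
        raise UnsafeArchiveMember(f"unsafe member name: {name!r}")
    target = (dest_root / name).resolve()
    if not _inside(dest_root, target):
        raise UnsafeArchiveMember(f"member escapes destination: {name!r}")
    if member.issym() or member.islnk():
        link = member.linkname
        if link.startswith("/") or ".." in PurePosixPath(link).parts:
            raise UnsafeArchiveMember(f"unsafe link target: {link!r}")
        # A symlink target is relative to the member's own directory;
        # a hardlink target is relative to the archive root.
        base = target.parent if member.issym() else dest_root
        if not _inside(dest_root, (base / link).resolve()):
            raise UnsafeArchiveMember(f"link escapes destination: {link!r}")
    elif not (member.isfile() or member.isdir()):
        raise UnsafeArchiveMember(f"unsupported member type: {name!r}")
    return target


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Extract a tar archive into dest_dir, validating every member first.

    Any unsafe entry aborts the restore before a single file is written.
    Returns the names of the members that were extracted.
    """
    dest_root = Path(dest_dir).resolve()
    dest_root.mkdir(parents=True, exist_ok=True)
    # Newer Pythons also offer the stdlib 'data' extraction filter (PEP 706);
    # use it as a second layer where available.
    extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        members = tar.getmembers()
        for member in members:
            validate_member(member, dest_root)
        for member in members:
            tar.extract(member, path=str(dest_root), **extra)
    return [m.name for m in members]


def build_tar(files, symlinks=()) -> bytes:
    """Constructed test input: files is [(name, bytes)], symlinks is [(name, linkname)]."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, linkname in symlinks:
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = linkname
            tar.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    restore_dir = tempfile.mkdtemp()
    # Constructed, well-formed backup: one file under a run directory.
    print(safe_extract(build_tar([("run1/meta.json", b"{}")]), restore_dir))
    # Constructed entry that would climb out of the restore directory.
    try:
        safe_extract(build_tar([("../escape.txt", b"x")]), restore_dir)
    except UnsafeArchiveMember as exc:
        print("rejected:", exc)
```

Validating all members before extracting any is deliberate: a partially restored backup that stopped at the first bad entry is harder to reason about than one that was refused outright, and it keeps the check independent of extraction order.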