Securden Unified PAM Path Traversal Vulnerability Allowing Remote Code Execution
Vulnerability
A path traversal vulnerability has been identified in Securden Unified PAM versions 9.0.x through 11.3.1. This vulnerability arises from an unauthenticated upload feature that allows malicious actors to upload binaries and scripts to the server's configuration and web root directories. Exploitation of this vulnerability leads to remote code execution on the Unified PAM server.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected Unified PAM server.
Reproduction
The vulnerability can be reproduced by sending a request to the '/accountapp/upload_web_recordings_from_api_server' endpoint. This request must include path traversal characters in the 'file_name' and 'relative_path' parameters to overwrite arbitrary files, such as the 'postgresBackup.bat' file, which is executed during scheduled database backup tasks.
Remediation
Users are advised to update Securden Unified PAM to version 11.4.4 or higher.
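The defect described under Reproduction is a missing containment check on the upload destination, and the interim question for operators who cannot patch immediately is how to spot the requests in web-server logs. The following is an added defensive example written for this page, not code from Securden or from the advisory. It assumes (the advisory does not state this) that the server resolves an upload to `<upload_root>/<relative_path>/<file_name>` and that the two parameters appear in the logged request line; the log format and the sample lines are constructed, and `x.bat` is a placeholder file name.

```python
"""Defensive checks for the upload path traversal described above.

Added example, not code from Securden or from the advisory. Assumptions
(not stated on the page): the server resolves an upload to
<upload_root>/<relative_path>/<file_name>, and the two parameters are
visible in the logged request line. Log format and samples are constructed.
"""
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

UPLOAD_ENDPOINT = "/accountapp/upload_web_recordings_from_api_server"  # from the advisory
# A ".." component anywhere in a slash-normalised path
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")
# POSIX absolute path or Windows drive letter
ABSOLUTE = re.compile(r"^(/|[A-Za-z]:)")


def resolve_upload_path(upload_root: str, relative_path: str, file_name: str) -> Optional[str]:
    """Return the absolute destination, or None when the request would escape upload_root.

    This is the containment check the vulnerable endpoint lacked: the caller
    must refuse the upload whenever this returns None.
    """
    for value in (relative_path, file_name):
        # NUL bytes and backslashes are rejected outright: the product runs on
        # Windows, where "\" is a separator, but realpath() on a POSIX host
        # would not treat it as one, so normalising is safer than guessing.
        if "\x00" in value or "\\" in value:
            return None
        if ABSOLUTE.match(value):
            return None
    # file_name must be a single plain component: never ".", ".." or a path
    if not file_name or file_name in (".", "..") or os.path.basename(file_name) != file_name:
        return None
    root = os.path.realpath(upload_root)
    candidate = os.path.realpath(os.path.join(root, relative_path, file_name))
    # realpath() collapses "..", so a traversal shows up as candidate leaving root
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def flag_traversal_request(log_line: str) -> bool:
    """True when a log line targets the upload endpoint with a traversal or
    absolute path in file_name / relative_path."""
    m = re.search(r'"[A-Z]+ (\S+) HTTP/[\d.]+"', log_line)
    if not m:
        return False
    url = urlsplit(m.group(1))
    if url.path != UPLOAD_ENDPOINT:
        return False
    params = parse_qs(url.query, keep_blank_values=True)
    for key in ("file_name", "relative_path"):
        for value in params.get(key, []):
            # parse_qs decoded once; decode again to catch double encoding (%252e)
            value = unquote(value).replace("\\", "/")
            if TRAVERSAL.search(value) or ABSOLUTE.match(value):
                return True
    return False


def scan_log(lines: List[str]) -> List[int]:
    """Indices of the log lines that should raise an alert."""
    return [i for i, line in enumerate(lines) if flag_traversal_request(line)]


# Constructed sample traffic in common log format (not real Securden logs)
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:00 +0000] "POST /accountapp/upload_web_recordings_from_api_server'
    '?file_name=session1.webm&relative_path=recordings%2F2025 HTTP/1.1" 200 15',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "POST /accountapp/upload_web_recordings_from_api_server'
    '?file_name=postgresBackup.bat&relative_path=..%2F.. HTTP/1.1" 200 15',
    '10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "POST /accountapp/upload_web_recordings_from_api_server'
    '?file_name=..%252F..%252Fx.bat&relative_path=recordings HTTP/1.1" 200 15',
    '10.0.0.7 - - [01/Jan/2025:10:00:04 +0000] "GET /accountapp/login?next=..%2F.. HTTP/1.1" 200 15',
]

if __name__ == "__main__":
    print("suspicious lines:", scan_log(SAMPLE_LOG))  # → [1, 2]
```

The containment check resolves the final path with `realpath()` and then requires it to stay under the upload root, which handles `..` sequences regardless of how many there are; the detection side decodes parameters twice so that double-encoded traversal is not missed, and ignores traversal strings on unrelated endpoints to keep the alert focused on the vulnerable feature. If the parameters travel in a multipart body rather than the query string, the same per-parameter test applies at a proxy or WAF that inspects the body.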
