BAE SOCET GXP Path Traversal Vulnerability in GXP Job Service Allowing Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in the BAE SOCET GXP software, specifically in versions prior to 4.6.0.2. This vulnerability allows an attacker to read arbitrary files from the filesystem through the GXP Job Service. The issue arises because the Job Service does not sanitize file path inputs against directory traversal sequences, so files outside the intended directory can be read, limited only by the permissions of the account under which the service runs.
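As an added illustration (not BAE Systems' code; SOCET GXP's actual file-handling logic is not published here), the Python below places the unchecked lookup pattern the advisory describes beside a containment check that resolves the requested name under the job directory and rejects anything that escapes it. The job directory, file name and request strings are constructed for the demo, and treating backslashes as separators is an assumption about a Windows-hosted service.

```python
import ntpath
import os
import posixpath
import tempfile

def unsafe_job_file(base_dir: str, requested: str) -> str:
    """The pattern the advisory describes: client name joined with no containment check."""
    # "..\..\secrets.txt" or "C:\Windows\win.ini" lands wherever the client points,
    # bounded only by the permissions of the account the service runs under.
    return os.path.join(base_dir, requested)

def safe_job_file(base_dir: str, requested: str) -> str:
    """Return the resolved on-disk path only if it stays inside base_dir."""
    # Assumption: the service may run on Windows, so treat both separators alike.
    normalised = requested.replace("\\", "/")
    # Absolute or drive/UNC-rooted input is never a valid job-relative name.
    if posixpath.isabs(normalised) or ntpath.isabs(normalised):
        raise PermissionError(f"absolute path rejected: {requested!r}")
    base_real = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks, so the check is on the real target.
    target = os.path.realpath(os.path.join(base_real, normalised))
    # commonpath, not str.startswith: "/srv/jobs2" must not pass for base "/srv/jobs".
    if os.path.commonpath([base_real, target]) != base_real:
        raise PermissionError(f"path escapes job directory: {requested!r}")
    return target

def is_allowed(base_dir: str, requested: str) -> bool:
    """True if safe_job_file would serve the request, False if it rejects it."""
    try:
        safe_job_file(base_dir, requested)
        return True
    except PermissionError:
        return False

def demo() -> dict:
    """Constructed requests against a throwaway job directory; True means served."""
    requests = [
        "report.txt",                # legitimate job output
        "sub/../report.txt",         # ".." that stays inside the job directory
        "../../etc/passwd",          # classic traversal
        "..\\..\\Windows\\win.ini",  # Windows-separator traversal
        "/etc/passwd",               # absolute POSIX path
        "C:\\Windows\\win.ini",      # drive-rooted Windows path
    ]
    with tempfile.TemporaryDirectory() as jobs:
        with open(os.path.join(jobs, "report.txt"), "w") as fh:
            fh.write("constructed job output\n")
        return {r: is_allowed(jobs, r) for r in requests}
```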

Impact

Exploitation of this vulnerability could lead to unauthorized access to and disclosure of sensitive files on the system; which files can be read is determined by the permissions of the user account under which the GXP Job Service is running.

Remediation

Users are advised to update to SOCET GXP version 4.6.0.2 or later, which addresses this vulnerability by disabling network access for the GXP Job Service by default. Those unable to update immediately can restrict network access by removing the allowed IPs from the Job Service configuration window and blocking the Job Service ports in the Windows firewall.

Added: Oct 23, 2025, 8:23 PM
Updated: Oct 23, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.8
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.