Path traversal vulnerability in Remote Spark (https://www.Remotespark.Com/) SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an unauthenticated attacker. This issue affects SparkView: before build 1127.
The vulnerability (CWE-23) consists of improper neutralization of path traversal sequences in the module handling RDP drive redirection. An attacker can craft an appropriate request containing sequences that allow escaping the permitted directory (e.g., '../'), enabling access to any location in the file system. The ability to write files with root privileges enables placement of malicious code or overwriting of critical system files, leading to complete server takeover (RCE).
An attacker can read and write arbitrary files on the server with root privileges, which consequently enables remote code execution and complete takeover of the system and potentially associated infrastructure.
SparkView should be updated to build 1127 or later as soon as possible. Detailed information about the update is available in the vendor's references: https://www.remotespark.com/view/new.html
Remote Spark SparkView in all versions before build 1127 — affects the RDP drive redirection component.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X