Goal Reached Thanks to every supporter β€” we hit 100%!

Goal: 1000 CNY Β· Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-9632 β€” AI Deep Analysis Summary

Q1What is this vulnerability? (Essence + Consequences)

🚨 **Essence**: Arbitrary File Download in ESAFENET CDG. <br>πŸ’₯ **Consequences**: Attackers can steal sensitive system files without authentication. Critical data breach risk!

Q2Root Cause? (CWE/Flaw)

πŸ›‘οΈ **Root Cause**: Mishandling of the `InstallationPack` parameter. <br>πŸ” **Flaw**: Input validation failure in `download.jsp` allows path traversal via `fileName`.

Q3Who is affected? (Versions/Components)

πŸ“¦ **Affected**: ESAFENET CDG V3 and V5 versions. <br>🏒 **Product**: Document Security Management System.

Q4What can hackers do? (Privileges/Data)

πŸ•΅οΈ **Hackers Can**: Download ANY file on the server. <br>πŸ”“ **Privileges**: No login required! Zero-auth exploitation.

Q5Is exploitation threshold high? (Auth/Config)

πŸ“‰ **Threshold**: LOW. <br>βš™οΈ **Config**: No authentication needed. Just send a crafted HTTP request to `download.jsp`.

Q6Is there a public Exp? (PoC/Wild Exploitation)

πŸ“œ **Public Exp?**: YES. <br>πŸ”— **PoC**: Available via Nuclei templates (projectdiscovery). Easy to automate.

Q7How to self-check? (Features/Scanning)

πŸ”Ž **Self-Check**: Scan for `/CDGServer3/ClientAjax` requests. <br>πŸ§ͺ **Test**: Check if `download.jsp` accepts arbitrary `fileName` parameters without error.

Q8Is it fixed officially? (Patch/Mitigation)

🩹 **Fix**: Official patch recommended. <br>⏳ **Status**: CVE published 2019-03-08. Update to latest secure version immediately.

Q9What if no patch? (Workaround)

🚧 **No Patch?**: Block external access to `download.jsp`. <br>πŸ›‘ **Mitigation**: Restrict `InstallationPack` parameter validation. Use WAF rules.

Q10Is it urgent? (Priority Suggestion)

πŸ”₯ **Urgency**: HIGH. <br>⚑ **Priority**: Critical. Zero-auth file download is severe. Patch ASAP!

Continue exploring

Vulnerability detail Full AI analysis (login) n/a