A high-severity vulnerability has been identified in the NI System Web Server, which could allow an unauthorized attacker to access sensitive files on the server. This flaw, known as a relative path traversal, could be exploited remotely to read data outside of the intended web directory, potentially leading to the disclosure of confidential information, system credentials, or intellectual property. Organizations are urged to apply the vendor-provided security updates immediately to mitigate this risk.

The vulnerability is a relative path traversal (also known as "dot-dot-slash") within the NI System Web Server. An unauthenticated, remote attacker can exploit this by sending a specially crafted HTTP request containing ../ sequences to the server. This manipulation tricks the server into navigating outside of the web root directory, granting the attacker read-access to arbitrary files on the underlying file system, limited only by the permissions of the web server's user account. Successful exploitation could allow an attacker to retrieve sensitive files such as configuration files, source code, or password files.

This vulnerability is rated as High severity with a CVSS score of 7.5. Exploitation of this flaw could have a significant negative impact on the business. The primary risk is information disclosure, which could lead to the theft of sensitive corporate data, customer information, intellectual property, or system credentials. A successful attack could result in direct financial loss, reputational damage, loss of customer trust, and potential regulatory penalties for non-compliance with data protection standards. If stolen credentials provide access to other systems, this vulnerability could serve as an initial entry point for a more widespread network compromise.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected systems immediately. Prioritize patching for systems that are publicly accessible via the internet. After patching, it is crucial to review web server access logs for any signs of past or ongoing exploitation attempts.

Proactive Monitoring: Security teams should actively monitor web server logs for HTTP requests containing path traversal sequences, such as ../, ..%2f, ..%c0%af, or their encoded variants. Implement alerts for unusual file access patterns or requests targeting known sensitive system files. Monitor for anomalous outbound network traffic from the web server, which could indicate data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block path traversal attacks. Additionally, harden the server by ensuring the web server process runs with the lowest possible privileges, limiting its ability to access critical system files. Restrict network access to the server, allowing connections only from trusted IP addresses where possible.

Public Exploit Available: false

Given the high severity (CVSS 7.5) and the risk of sensitive information disclosure, we strongly recommend that organizations prioritize the immediate application of the vendor-supplied patches to all vulnerable NI System Web Server instances. Special priority should be given to internet-facing systems, as they are the most likely targets for attack. Although there is no current evidence of active exploitation, the simplicity of exploiting path traversal vulnerabilities makes it highly likely that attackers will develop exploits. Proactive patching is the most effective defense to prevent a potential data breach.