CVE-2021-37447: 
NixOS vulnerability analysis and mitigation

In NCH Quorum v2.03 and earlier, an authenticated user can exploit directory traversal vulnerabilities to read and delete files on the remote system via multiple functions. The vulnerability is tracked as CVE-2021-37447 and affects the documentdelete?file=/.. endpoint (NCH Advisory, GitHub POC).

The vulnerability exists due to improper validation of file paths in multiple functions. An authenticated attacker can use path traversal sequences (../../) to access files outside the intended directory through endpoints like documentdelete?file=, logprop?file=, and documentprop?file=. The CVSS v3.1 base score is 8.1 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) (NVD).

Successful exploitation allows an authenticated attacker to read and delete arbitrary files on the system, depending on the application's running context. This can expose sensitive information including credential files of other NCH applications stored in \ProgramData\NCH Software\ (GitHub POC).

Users should upgrade to a version newer than 2.03. NCH Software has acknowledged the security notice stating that admin users can have access to system files (NCH Advisory).