CVE-2023-31067: 
TSplus Remote Access vulnerability analysis and mitigation

An issue was discovered in TSplus Remote Access through version 16.0.2.14 that involves insecure file and folder permissions. The vulnerability allows Full Control permissions for Everyone on specific directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. This security flaw was disclosed on September 11, 2023, and is tracked as CVE-2023-31067 (NVD, Exploit-DB).

The vulnerability is classified as an Incorrect Default Permissions issue (CWE-276). It has received a CVSS v3.1 Base Score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The security flaw affects multiple directories and files within the TSplus Remote Access installation path, specifically under the %PROGRAMFILES(X86)%\TSplus\Clients\www directory, where Everyone has Full Control permissions (Exploit-DB, NVD).

The vulnerability's impact is severe as it could allow malicious users to manipulate file content, such as modifying HTML pages or JavaScript scripts, or alter legitimate files like Setup-VirtualPrinter-Client.exe. This could lead to system compromise or privilege escalation. The critical CVSS score of 9.8 reflects the potential for complete system compromise through unauthorized access to sensitive files and directories (Exploit-DB).