PT-2012-3038 · Cyberoam · Cyberoam Central Console
Published: 2012-02-12 · Updated: 2012-02-25 · CVE-2012-1047
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Cyberoam Central Console version 2.00.2
Description
A directory traversal issue exists in the WWWHELP Service, specifically in the js/html/wwhelp.htm file, allowing remote attackers to include and execute arbitrary local files. This is achieved by using a .. (dot dot) in the file parameter within an Online help action.
Recommendations
For version 2.00.2, consider restricting access to the file parameter in the Online help action to prevent exploitation until a fix is available. As a temporary workaround, disabling the WWWHELP Service may also minimize the risk of exploitation.
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Cyberoam Central Console