PT-2015-7630 · Lenovo+1 · Lenovo Switch Center+1
Andrea Micalizzi
+1
·
Publicado
2015-11-10
·
Atualizado
2015-11-12
·
CVE-2015-7820
CVSS v2.0
7.1
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM System Networking Switch Center versions prior to 7.3.1.5
Lenovo Switch Center versions prior to 8.1.2.0
Description
A race condition in the administration-panel web service allows remote attackers to obtain privileged-account access. This access can be used to provide input containing directory traversal sequences to read arbitrary files via a request. The issue is related to the ZipDownload.jsp file.
Recommendations
For IBM System Networking Switch Center versions prior to 7.3.1.5, update to version 7.3.1.5 or later.
For Lenovo Switch Center versions prior to 8.1.2.0, update to version 8.1.2.0 or later.
As a temporary workaround, consider restricting access to the administration-panel web service and the ZipDownload.jsp file to minimize the risk of exploitation.
Correção
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm System Networking Switch Center
Lenovo Switch Center