PT-2016-3223 · Brocade · Brocade Network Advisor

Rgod · Published 2016-10-17 · Updated 2018-05-10 · CVE-2016-8205

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Brocade Network Advisor versions prior to and including 14.0.2

Description

The DashboardFileReceiveServlet in Brocade Network Advisor does not correctly restrict the path name of an uploaded file to the intended restricted directory. This could allow a remote attacker to upload a malicious file to a part of the file system where it can be executed.

Recommendations

For Brocade Network Advisor versions prior to and including 14.0.2, update to a version later than 14.0.2 to resolve the issue. As a temporary workaround, consider restricting access to the DashboardFileReceiveServlet to minimize the risk of exploitation.

Fix

Path traversal


Weakness Enumeration

Related identifiers

BDU:2017-02598
CVE-2016-8205
ZDI-17-050

Affected products

Brocade Network Advisor