PT-2016-5100 · Meteocontrol · Meteocontrol Web'Log

Karn Ganeshen

Publicado

2016-05-14

Atualizado

2016-11-30

CVE-2016-2297

CVSS v2.0

9.7

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions Meteocontrol WEB'log versions Basic 100, Light, Pro, and Pro Unlimited

Description The issue allows remote attackers to execute arbitrary commands via an "access command shell-like feature."

Recommendations For Meteocontrol WEB'log Basic 100, consider disabling the access command shell-like feature until a patch is available. For Meteocontrol WEB'log Light, consider disabling the access command shell-like feature until a patch is available. For Meteocontrol WEB'log Pro, consider disabling the access command shell-like feature until a patch is available. For Meteocontrol WEB'log Pro Unlimited, consider disabling the access command shell-like feature until a patch is available.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2016-2297

Produtos afetados

Meteocontrol Web'Log

PT-2016-5100 · Meteocontrol · Meteocontrol Web'Log

CVE-2016-2297

Identificadores relacionados

Produtos afetados

Referências · 3