PT-2017-14236 · Cisco · Sa540+1
Hurd4N0 · Published 2017-10-23 · Updated 2017-11-08 · CVE-2017-15805
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7
Description
The issue allows for directory traversal in "scgi-bin/platform.cgi" via the thispage parameter, enabling the reading of arbitrary files.
Recommendations
For firmware 2.1.71, update to a version that fixes the directory traversal issue in "scgi-bin/platform.cgi".
For firmware 2.2.0.7, update to a version that fixes the directory traversal issue in "scgi-bin/platform.cgi".
As a temporary workaround, consider restricting access to the "scgi-bin/platform.cgi" endpoint to minimize the risk of exploitation.
Avoid using the thispage parameter in the affected endpoint until the issue is resolved.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Sa520
Sa540