PT-2017-17217 · Cisco · Cisco Telepresence Ix5000 Series

Publicado

2017-05-18

Atualizado

2017-07-08

CVE-2017-6652

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco TelePresence IX5000 Series version 8.2.0

Description A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device. The issue is due to insufficient input validation, which can be exploited using directory traversal techniques to read files within the filesystem.

Recommendations For Cisco TelePresence IX5000 Series version 8.2.0, update the software to a version that addresses the insufficient input validation issue. As a temporary workaround, consider restricting access to the web framework to minimize the risk of exploitation.

Correção

RCE

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-22

Identificadores relacionados

CVE-2017-6652

Produtos afetados

Cisco Telepresence Ix5000 Series

PT-2017-17217 · Cisco · Cisco Telepresence Ix5000 Series

CVE-2017-6652

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5