PT-2018-10650 · Sonus · Sonus Sbc 2000+2
Publicado
2018-07-09
·
Atualizado
2018-09-12
·
CVE-2018-11543
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Sonus SBC 1000 versions 6.0.x up to Build 446
Sonus SBC 1000 versions 6.1.x up to Build 492
Sonus SBC 1000 versions 7.0.x up to Build 485
Sonus SBC 2000 versions 6.0.x up to Build 446
Sonus SBC 2000 versions 6.1.x up to Build 492
Sonus SBC 2000 versions 7.0.x up to Build 485
Sonus SBC SWe Lite versions 6.1.x up to Build 111
Sonus SBC SWe Lite versions 7.0.x up to Build 140
Description
A Local File Inclusion (LFI) issue in the web interface of the affected devices allows for the downloading of arbitrary files. This could potentially lead to sensitive information disclosure.
Recommendations
For Sonus SBC 1000 versions 6.0.x up to Build 446, update to a version later than Build 446 to resolve the issue.
For Sonus SBC 1000 versions 6.1.x up to Build 492, update to a version later than Build 492 to resolve the issue.
For Sonus SBC 1000 versions 7.0.x up to Build 485, update to a version later than Build 485 to resolve the issue.
For Sonus SBC 2000 versions 6.0.x up to Build 446, update to a version later than Build 446 to resolve the issue.
For Sonus SBC 2000 versions 6.1.x up to Build 492, update to a version later than Build 492 to resolve the issue.
For Sonus SBC 2000 versions 7.0.x up to Build 485, update to a version later than Build 485 to resolve the issue.
For Sonus SBC SWe Lite versions 6.1.x up to Build 111, update to a version later than Build 111 to resolve the issue.
For Sonus SBC SWe Lite versions 7.0.x up to Build 140, update to a version later than Build 140 to resolve the issue.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sonus Sbc 1000
Sonus Sbc 2000
Sonus Sbc Swe Lite