PT-2018-10721 · Dialogic · Dialogic Powermedia Xms

Publicado

2018-07-03

·

Atualizado

2020-08-24

·

CVE-2018-11637

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Dialogic PowerMedia XMS versions prior to 3.5
Description The issue allows remote attackers to read arbitrary files from the /var/ directory due to a symlink existing under the web root in the administrative console.
Recommendations For versions prior to 3.5, update to version 3.5 or later to resolve the issue.

Exploit

Correção

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59

Identificadores relacionados

CVE-2018-11637

Produtos afetados

Dialogic Powermedia Xms