PT-2023-24001 · L7 Networks · L7 Networks Instantqos Iq-8000+1

Kaibro

Publicado

2023-06-16

Atualizado

2023-07-03

CVE-2023-32752

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000 (affected versions not specified)

Description The file uploading function in the affected devices does not properly restrict the upload of files with dangerous types. This allows an unauthenticated remote attacker to upload and run arbitrary executable files, potentially enabling them to perform arbitrary system commands or disrupt service.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2023-32752

Produtos afetados

L7 Networks Instantqos Iq-8000

L7 Networks Instantscan Is-8000

PT-2023-24001 · L7 Networks · L7 Networks Instantqos Iq-8000+1

CVE-2023-32752

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3