Telos · Telos Z/Ip One · CVE-2020-17383
**Name of the Vulnerable Software and Affected Versions**
Telos Z/IP One versions through 4.0.0r
**Description**
A directory traversal issue allows an unauthenticated individual to gain root level access to the device's file system. This access can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.
**Recommendations**
For versions through 4.0.0r, consider restricting access to the WebUI to minimize the risk of exploitation until a patch is available.
As a temporary workaround, limit the use of remote configuration features to reduce the attack surface.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.