PT-2014-3587 · Xangati · Xangati Xnr+1
Jan Kadijk
·
Published
2014-04-15
·
Updated
2014-04-15
·
CVE-2014-0358
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Xangati XSR versions prior to 11
Xangati XNR versions prior to 7
Description
The issue allows remote attackers to read arbitrary files via a .. (dot dot) in various parameters. This can be achieved through several API endpoints, including:
"getUpgradeStatus" action to "servlet/MGConfigData" using the
file parameter,
"download" action to "servlet/MGConfigData" using the download parameter,
"port svc" action to "servlet/MGConfigData" using the download parameter,
"getfile" action to "servlet/Installer" using the file parameter,
and "servlet/MGConfigData" using the binfile parameter.Recommendations
For Xangati XSR versions prior to 11, update to version 11 or later.
For Xangati XNR versions prior to 7, update to version 7 or later.
As a temporary workaround, consider restricting access to the affected servlets and parameters until a patch is available.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xangati Xnr
Xangati Xsr