PT-2015-7627 · Lenovo+1 · Lenovo Switch Center+1
Andrea Micalizzi
+1
·
Published
2015-11-10
·
Updated
2015-11-12
·
CVE-2015-7817
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM System Networking Switch Center versions prior to 7.3.1.5
Lenovo Switch Center versions prior to 8.1.2.0
Description
The issue allows remote attackers to obtain privileged-account access due to a race condition in the administration-panel web service. This access can be used to provide
FileReader.jsp input containing directory traversal sequences, enabling the reading of arbitrary text files via a request to port 40080 or 40443.Recommendations
For IBM System Networking Switch Center versions prior to 7.3.1.5, update to version 7.3.1.5 or later.
For Lenovo Switch Center versions prior to 8.1.2.0, update to version 8.1.2.0 or later.
As a temporary workaround, consider restricting access to the administration-panel web service and the
FileReader.jsp page to minimize the risk of exploitation.Fix
Race Condition
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm System Networking Switch Center
Lenovo Switch Center