PT-2017-14236 · Cisco · Sa540+1

Hurd4N0

Published

2017-10-23

Updated

2017-11-08

CVE-2017-15805

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7

Description The issue allows for directory traversal in "scgi-bin/platform.cgi" via the thispage parameter, enabling the reading of arbitrary files.

Recommendations For firmware 2.1.71, update to a version that fixes the directory traversal issue in "scgi-bin/platform.cgi". For firmware 2.2.0.7, update to a version that fixes the directory traversal issue in "scgi-bin/platform.cgi". As a temporary workaround, consider restricting access to the "scgi-bin/platform.cgi" endpoint to minimize the risk of exploitation. Avoid using the thispage parameter in the affected endpoint until the issue is resolved.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-15805

Affected Products

Sa520

Sa540

PT-2017-14236 · Cisco · Sa540+1

CVE-2017-15805

Weakness Enumeration

Related Identifiers

Affected Products

References · 3