PT-2017-16356 · Belden Hirschmann · Gecko Lite Managed Switch

Published

2017-02-13

Updated

2017-03-03

CVE-2017-5163

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Belden Hirschmann GECKO Lite Managed switch versions 2.0.00 and prior

Description An issue was discovered where a copy of the configuration file, including hashes of user passwords, is saved to an accessible location without authentication by path traversal after an administrator downloads the file.

Recommendations For versions 2.0.00 and prior, consider restricting access to the configuration file and the location where it is saved to prevent unauthorized access until a fix is available. As a temporary workaround, restrict access to the affected area to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2017-5163

Affected Products

Gecko Lite Managed Switch

PT-2017-16356 · Belden Hirschmann · Gecko Lite Managed Switch

CVE-2017-5163

Weakness Enumeration

Related Identifiers

Affected Products

References · 4