CVE-2019-12310

Name of the Vulnerable Software and Affected Versions ExaGrid appliances version v4.8.1.1044.P50

Description The issue allows remote attackers to view and retrieve verbose logging information due to a directory traversal vulnerability in the /monitor/data/Upgrade/ directory. This vulnerability can lead to the exposure of sensitive run-time information, including Base64 encoded 'support' credentials, which can result in administrative access to the device.

Recommendations For version v4.8.1.1044.P50, as a temporary workaround, consider restricting access to the /monitor/data/Upgrade/ directory until a patch is available. Avoid using the support credentials in the affected device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.