PT-2019-15300 · Ge · Relion 670 Series
Published: 2019-11-27 · Updated: 2023-05-16 · CVE-2019-18253
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Relion 670 Series versions 1p1r26 through 2.1.0.1
Relion 670 Series versions prior to 1p1r26
Description
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series outside the intended directory.
Recommendations
For Relion 670 Series versions 1p1r26 through 2.1.0.1, consider restricting access to sensitive files and directories until a patch is available.
For Relion 670 Series versions prior to 1p1r26, consider updating to a version that is not vulnerable, if available.
As a temporary workaround, consider disabling the specific request that allows file reading or deletion outside the intended directory until a patch is available.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Relion 670 Series