PT-2020-17240 · Lan · Lan Atmservice M3 Atm Monitoring System

Dmitry Kuramin

Published

2020-12-10

Updated

2020-12-14

CVE-2020-29666

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Lan ATMService M3 ATM Monitoring System version 6.1.0

Description A directory-listing issue allows a remote attacker to view log files located in /websocket/logs/, which contain a user's cookie values and the predefined developer's cookie value.

Recommendations For Lan ATMService M3 ATM Monitoring System version 6.1.0, consider restricting access to the /websocket/logs/ directory to prevent unauthorized viewing of log files until a patch is available. As a temporary workaround, restrict access to the vulnerable websocket module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-29666

Affected Products

Lan Atmservice M3 Atm Monitoring System

PT-2020-17240 · Lan · Lan Atmservice M3 Atm Monitoring System

CVE-2020-29666

Related Identifiers

Affected Products

References · 24