PT-2020-7446 · Videolan · Vlc Media Player

Published

2020-02-06

Updated

2020-02-12

CVE-2013-3564

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: VLC media player versions prior to 2.0.7

Description: The issue concerns a lack of access control in the web interface, allowing remote attackers to view directory listings or issue commands without authentication. This can be achieved via the dir command or other commands.

Recommendations: For versions prior to 2.0.7, update to version 2.0.7 or later to resolve the issue. As a temporary workaround, consider disabling the web interface until a patch is available. Restrict access to the web interface to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-3564

Affected Products

Vlc Media Player

PT-2020-7446 · Videolan · Vlc Media Player

CVE-2013-3564

Weakness Enumeration

Related Identifiers

Affected Products

References · 9