PT-2021-9154 · Invigo · Invigo Automatic Device Management

Published

2021-03-25

Updated

2021-03-26

CVE-2020-10579

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Invigo Automatic Device Management (ADM) versions through 5.0

Description A directory traversal issue in the /admin/sysmon.php script allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.

Recommendations For Invigo Automatic Device Management (ADM) versions through 5.0, consider restricting access to the /admin/sysmon.php script until a patch is available. As a temporary workaround, limit the privileges of the user running the application to minimize the risk of exploitation.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-10579

Affected Products

Invigo Automatic Device Management

PT-2021-9154 · Invigo · Invigo Automatic Device Management

CVE-2020-10579

Weakness Enumeration

Related Identifiers

Affected Products

References · 4