PT-2021-9159 · Invigo · Invigo Automatic Device Management

Published

2021-03-25

Updated

2021-03-26

CVE-2020-10584

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Invigo Automatic Device Management (ADM) versions prior to 5.0

Description The issue concerns a directory traversal attack on the /admin/search by.php script, allowing remote attackers to read arbitrary server files accessible to the user running the application.

Recommendations For Invigo Automatic Device Management (ADM) versions prior to 5.0, update to version 5.0 or later to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-10584

Affected Products

Invigo Automatic Device Management

PT-2021-9159 · Invigo · Invigo Automatic Device Management

CVE-2020-10584

Weakness Enumeration

Related Identifiers

Affected Products

References · 3