CVE-2020-17383

Name of the Vulnerable Software and Affected Versions Telos Z/IP One versions through 4.0.0r

Description A directory traversal issue allows an unauthenticated individual to gain root level access to the device's file system. This access can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.

Recommendations For versions through 4.0.0r, consider restricting access to the WebUI to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the use of remote configuration features to reduce the attack surface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.