Name of the Vulnerable Software and Affected Versions:

Partner Software application and Partner Web application versions 4.32

Partner Software application and Partner Web application (affected versions not specified)

Description:

The Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab. This allows an authenticated attacker to upload a malicious file and potentially compromise the device. The software runs as SYSTEM by default, which increases the severity of the issue.

Recommendations:

Restrict file uploads on the "reports" tab.

Monitor for malicious file uploads.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.