Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =============================================
- CVEID: CVE-2019-18922
- NAME OF AFFECTED PRODUCT: Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047]
- PROBLEM TYPE: Directory Traversal
- DESCRIPTION: A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request.
- NOTE: This is an End-of-Life product.
- =============================================
- I. VULNERABILITY
- - -------------------------
- The Allied Telesis AT-GS950/8 Network Switch with Firmware until AT-S107 V.1.1.3 [1.00.047]
- is confirmed to have an Directory Traversal Vulnerability.
- II. BACKGROUND
- - -------------------------
- The AT-S107 Firmware is used for Configuration through an Web-Interface.
- III. DESCRIPTION
- - -------------------------
- A GET-Request with the Path http://[IP]/../../../../../../etc/passwd shows the File-Content.
- V. BUSINESS IMPACT
- - -------------------------
- A Attacker can read arbitrary System-Files.
- VI. SYSTEMS AFFECTED
- - -------------------------
- Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047].
- VII. CREDITS
- - -------------------------
- The Vulnerability has been discovered by the Security-Team at the University Bayreuth.
- VIII. LEGAL NOTICES
- - -------------------------
- The information contained within this advisory is supplied "as-is" with no
- warranties or guarantees of fitness of use or otherwise.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement