Message-ID: <4b79c99ca5a54ec087a6b4b249231b84@uni-bayreuth.de>
Date: Thu, 28 Nov 2019 12:01:38 +0000
From: "Sprenger, Nicolas Hendrik" <Nicolas.H.Sprenger@...-bayreuth.de>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] CVE-2019-18922; Directory Traversal;
 Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=============================================
CVEID: CVE-2019-18922
NAME OF AFFECTED PRODUCT: Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047]
PROBLEM TYPE: Directory Traversal
DESCRIPTION: A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. 
NOTE: This is an End-of-Life product.

=============================================

I. VULNERABILITY
- -------------------------
The Allied Telesis AT-GS950/8 network switch with firmware until AT-S107 V.1.1.3 [1.00.047]
is confirmed to have a directory traversal vulnerability.

II. BACKGROUND
- -------------------------
The AT-S107 firmware is used for configuration through a web interface.

III. DESCRIPTION
- -------------------------
A GET request with the path http://[IP]/../../../../../../etc/passwd shows the file content.

V. BUSINESS IMPACT
- -------------------------
An attacker can read arbitrary system files.


VI. SYSTEMS AFFECTED
- -------------------------
Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047].

VII. CREDITS
- -------------------------
The vulnerability was discovered by the security team at the University of Bayreuth [N. H. Sprenger, Dr. H. Benda].

VIII. LEGAL NOTICES
- -------------------------
The information contained within this advisory is supplied "as-is" with no 
warranties or guarantees of fitness of use or otherwise.

=============================================
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
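
An added example, not part of the advisory and not the vendor's firmware code: the check whose absence produces the behaviour described in section III, written as a request-path resolver for an embedded web server. The function name `resolve_request_path`, the document root `/www`, and the `/index.html` default are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: map a request path onto a file below docroot.
 * Returns 0 and fills out on success; -1 if the path would climb above
 * docroot, is malformed, or does not fit in the buffers. */
int resolve_request_path(const char *docroot, const char *uri_path,
                         char *out, size_t outlen)
{
    char norm[256] = "";              /* normalized path, relative to docroot */
    size_t len = 0;
    const char *p = uri_path;

    if (p == NULL || *p != '/')
        return -1;                    /* only absolute request paths */

    while (*p) {
        while (*p == '/')             /* collapse repeated separators */
            p++;
        size_t seg = strcspn(p, "/");
        if (seg == 0)
            break;
        /* Assumption: the caller has already URL-decoded the path once,
         * so a leftover '%' or a backslash is refused, not interpreted. */
        if (memchr(p, '%', seg) || memchr(p, '\\', seg))
            return -1;
        if (seg == 2 && p[0] == '.' && p[1] == '.') {
            if (len == 0)
                return -1;            /* ".." at the root: refuse the request */
            while (len > 0 && norm[--len] != '/')
                ;                     /* drop the previous segment */
            norm[len] = '\0';
        } else if (!(seg == 1 && p[0] == '.')) {
            if (len + 1 + seg >= sizeof norm)
                return -1;
            norm[len++] = '/';
            memcpy(norm + len, p, seg);
            len += seg;
            norm[len] = '\0';
        }
        p += seg;
    }
    /* Only the normalized path is ever joined to the document root. */
    int n = snprintf(out, outlen, "%s%s", docroot, len ? norm : "/index.html");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

The file is opened only after this function returns 0, and only via the path written to `out`, never via the raw request string.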
