漏洞标题
N/A
漏洞描述信息
在SCALANCE LPE9403 (6GK5988-3GS00-2AC2) (所有版本 < V4.0) 中发现了一个漏洞。受影响设备未能正确限制用户可控的日志写入路径和读取路径。
这可能会允许经过身份验证的高权限远程攻击者读取和写入文件系统中的任意文件,但仅当恶意路径以 'log' 结尾时才可能发生。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
N/A
漏洞描述信息
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read.
This could allow an authenticated highly-privileged remote attacker to read and write arbitrary files in the filesystem, if and only if the malicious path ends with 'log' .
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
漏洞类别
对路径名的限制不恰当(路径遍历)