CVE-2017-16788 - CERT CVE

  1. CVE-2017-16788

ID CVE-2017-16788
Sažetak Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
Reference
CVSS
Base: 9.0
Impact: 10.0
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:N/AC:L/Au:S/C:C/I:C/A:C
Zadnje važnije ažuriranje 03-01-2018 - 13:05
Objavljeno 15-12-2017 - 18:29