CVE-2020-17383

Опубликовано: 24 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.

Ссылки

https://sra.io/blog-post/
Broken Link
https://sra.io/blog/this-traversal-had-a-face-for-radio-cve-2020-17383/
Exploit
Patch
Third Party Advisory
https://www.telosalliance.com/downloads?search=software-updates#downloadListing
Vendor Advisory
https://sra.io/blog-post/
Broken Link
https://sra.io/blog/this-traversal-had-a-face-for-radio-cve-2020-17383/
Exploit
Patch
Third Party Advisory
https://www.telosalliance.com/downloads?search=software-updates#downloadListing
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:telosalliance:z\/ip_one_firmware:*:*:*:*:*:*:*:*

Версия до 4.0.0r (включая)

cpe:2.3:h:telosalliance:z\/ip_one:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06292

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-72j5-838x-5995

github

около 4 лет назад