Описание
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 6.02.06 (исключая)Версия от 7.00 (включая) до 7.04 (включая)Версия до 4.01 (исключая)
Одно из
cpe:2.3:a:auvesy-mdt:autosave:*:*:*:*:*:*:*:*
cpe:2.3:a:auvesy-mdt:autosave:*:*:*:*:*:*:*:*
cpe:2.3:a:auvesy-mdt:autosave_for_system_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:auvesy-mdt:autosave_for_system_platform:5.00:*:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00194
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
CWE-209
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
An attacker can gain knowledge of a session temporary working folder where the getfile and putfile commands are used in MDT AutoSave versions prior to v6.02.06. An attacker can leverage this knowledge to provide a malicious command to the working directory where the read and write activity can be initiated.
EPSS
Процентиль: 42%
0.00194
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-209
CWE-209