Summary
Multiple EverFocus devices allowing unauthenticated remote users to retrieve arbitrary system files that are located outside of the web root through a directory traversal on port 80.
Solution
Firmware update is available from EverFocus technical support.
References
Severity
Classification
-
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities
- Alchemy Eye HTTP Command Execution
- AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
- Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-01 May-2014
- AdPeeps 'index.php' Multiple Vulnerabilities.