Race Condition Vulnerability in IBM System Networking Switch and Lenovo Switch Center
CVE-2015-7817

Currently unrated

Key Information:

Vendor: IBM
Status: System Networking Switch Center
Vendor: CVE Published:; 12 November 2015

Summary

A race condition exists in the administration-panel web service of IBM System Networking Switch Center and Lenovo Switch Center, which can be exploited by remote attackers to gain unauthorized privileged account access. By sending specially crafted requests to specific ports, attackers can introduce directory traversal sequences via the FileReader.jsp input, enabling the reading of arbitrary text files. This vulnerability highlights the need for robust security practices in managing network devices.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-553/

x_refsource_MISC

https://support.lenovo.com/us/en/product_security/len_201...

x_refsource_CONFIRM

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 12, 2015
Vulnerability Reserved
Oct 14, 2015