Race Condition Vulnerability in IBM System Networking Switch and Lenovo Switch Center
CVE-2015-7817

Currently unrated

Key Information:

Vendor
IBM
Vendor
CVE Published:
12 November 2015

Summary

A race condition exists in the administration-panel web service of IBM System Networking Switch Center and Lenovo Switch Center, which can be exploited by remote attackers to gain unauthorized privileged account access. By sending specially crafted requests to specific ports, attackers can introduce directory traversal sequences via the FileReader.jsp input, enabling the reading of arbitrary text files. This vulnerability highlights the need for robust security practices in managing network devices.

References

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.