Directory Traversal Vulnerability in Cisco Small Business SA520 and SA540 Devices
CVE-2017-15805

7.5HIGH

Key Information:

Vendor: Cisco
Status: Small Business Sa520 Firmware
Vendor: CVE Published:; 23 October 2017

Summary

Cisco Small Business SA520 and SA540 devices running firmware versions 2.1.71 and 2.2.0.7 are vulnerable to a directory traversal attack through the 'thispage' parameter in the scgi-bin/platform.cgi file. This flaw allows an attacker to read arbitrary files on the server, potentially exposing sensitive information. Proper security measures and firmware updates are essential to mitigate such vulnerabilities.

References

https://www.fwhibbit.es/lfi-en-cisco-small-business-sa500...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 23, 2017
Vulnerability Reserved
Oct 23, 2017