Vulnerability CVE-2020-17383
Published: 2022-01-24

Description:
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote configuration of the device through the WebUI.

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://www.telosalliance.com/downloads?search=software-updates#downloadListing
https://sra.io/blog-post/
https://sra.io/blog/this-traversal-had-a-face-for-radio-cve-2020-17383/
Copyright 2024, cxsecurity.com

 

Back to Top