CVE-2017-16786
Last modified
CVE-2017-16786 is a vulnerability of currently unknown severity. The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.. EPSS estimates a 2.01% chance of exploitation in the next 30 days.
Description
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Meinbergglobal | Lantime Firmware | <= 6.24.003 |
References
- http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.htmlIssue Tracking, Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Dec/50Issue Tracking, Mailing List, Third Party Advisory
- http://packetstormsecurity.com/files/145388/Meinberg-LANTIME-Web-Configuration-Utility-6.16.008-Arbitrary-File-Read.htmlIssue Tracking, Third Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2017/Dec/50Issue Tracking, Mailing List, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-16786?
How severe is CVE-2017-16786?
How do I fix CVE-2017-16786?
Are you affected by CVE-2017-16786?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST