CVE-2017-6564
CVE-2017-6564 is a vulnerability of currently unknown severity. On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which has the lowest privileges, can POST to the idSourceFileName parameter found within the /download directory. This allows an attacker to download sensitive system files from the host machine, such as databases containing information that can aid in further attacks. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which has the lowest privileges, can POST to the idSourceFileName parameter found within the /download directory. This allows an attacker to download sensitive system files from the host machine, such as databases containing information that can aid in further attacks.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Franklinfueling | Ts-550 Evo Firmware | 2.3.0.7332 |
References
- http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems (Technical Description, Third Party Advisory, URL Repurposed)
- https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
