CVE-2019-12310
CVE-2019-12310 is a vulnerability of currently unknown severity. ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device. EPSS estimates a 3.25% chance of exploitation in the next 30 days.
Description
ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| ExaGrid | Backup Appliance Firmware | 4.8.1.1044.p50 |
References
- https://exagrid.com/exagrid-products/resources/ (Vendor Advisory)
- https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/ (Exploit, Third Party Advisory)
Timeline
- Status: Modified
Source: NVD / NIST
