AxxonSoft Axxon Next Directory Traversal

🗓️ 28 Feb 2018 00:00:00Reported by Martin A Cicalla JrType

packetstorm🔗 packetstormsecurity.com👁 44 Views

Axxon Next Directory Traversal via /css/ substring in URI, CVE-2018-746

Reporter	Title	Published	Views	Family All 9
0day.today	AxxonSoft Axxon Next Directory Traversal Vulnerability	28 Feb 201800:00	–	zdt
BDU FSTEC	The vulnerability of AxxonSoft Axxon Next video management software lies in the incorrect restriction of the path to the restricted access catalog. This allows a intruder to disclose protected information.	31 Jan 202300:00	–	bdu_fstec
CNVD	AxxonSoft Axxon Next Directory Traversal Vulnerability	28 Feb 201800:00	–	cnvd
CVE	CVE-2018-7467	27 Feb 201821:00	–	cve
Cvelist	CVE-2018-7467	27 Feb 201821:00	–	cvelist
Nuclei	AxxonSoft Axxon Next - Local File Inclusion	26 Jun 202603:02	–	nuclei
NVD	CVE-2018-7467	27 Feb 201821:29	–	nvd
Prion	Directory traversal	27 Feb 201821:29	–	prion
Positive Technologies	PT-2018-3858 · Axxonsoft · Axxon Next	27 Feb 201800:00	–	ptsecurity

`Title  
  
AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial  
/css//..%2f substring in a URI. CVE-2018-7467  
  
[Vulnerability Type]  
  
Directory Traversal via an initial /css//..%2f substring in a URI  
  
[Vendor of Product]  
  
AxxonSoft Client  
  
[Affected Product Code Base]  
  
Axxon Next  
  
[Affected Component]  
  
AxxonSoft Client Web Application's Source Code  
  
[Attack Type]  
  
Remote  
  
[Impact Information Disclosure]  
  
true  
  
[Attack Vectors]  
  
It is a Directory Traversal   
  
  
/css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f  
..%2f..%2f..%2f..%2fwindows\System32\drivers\etc\hosts  
  
  
  
[Discoverer]  
  
Martin A Cicalla Jr  
`

28 Feb 2018 00:00Current

7.6High risk

Vulners AI Score7.6

EPSS0.10516