Directory traversal

2019-06-0319:29:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded ‘support’ credentials, leading to administrative access of the device.

CPENameOperatorVersion
backup_appliance_firmwareeq48.1.1044-p50

CPE	Name	Operator	Version
	backup_appliance_firmware	eq	48.1.1044-p50

References

exagrid.com/exagrid-products/resources/

www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/