Path traversal

2021-03-2417:15:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.8%

JSON

spxmanage on certain SpinetiX devices allows requests that access unintended resources because of SSRF and Path Traversal. This affects HMP350, HMP300, and DiVA through 4.5.2-1.0.36229; HMP400 and HMP400W through 4.5.2-1.0.2-1eb2ffbd; and DSOS through 4.5.2-1.0.2-1eb2ffbd.

CPENameOperatorVersion
diva_firmwareeq<= 4.5.2-1.0.36229
dsoseq<= 4.5.21.0.21eb2ffbd
hmp300_firmwareeq<= 4.5.2-1.0.36229
hmp350_firmwareeq<= 4.5.2-1.0.36229
hmp400_firmwareeq<= 4.5.21.0.21eb2ffbd
hmp400w_firmwareeq<= 4.5.21.0.21eb2ffbd

Name	Operator	Version
diva_firmware	eq	<= 4.5.2-1.0.36229
dsos	eq	<= 4.5.21.0.21eb2ffbd
hmp300_firmware	eq	<= 4.5.2-1.0.36229
hmp350_firmware	eq	<= 4.5.2-1.0.36229
hmp400_firmware	eq	<= 4.5.21.0.21eb2ffbd
hmp400w_firmware	eq	<= 4.5.21.0.21eb2ffbd