SB2018121402 - Information disclosure in GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e
Published: December 14, 2018
Security Bulletin ID
SB2018121402
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjecent network
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Path traversal (CVE-ID: CVE-2018-19003)
The vulnerability allows an adjacent unauthenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to improper restriction of the ability of an attacker to gain access to restricted information. An adjacent attacker can conduct directory traversal attack and gain access to potentially sensitive information.
Remediation
Install update from vendor's website.