Improper access control - CVE-2016-4967

 


Published: September 8, 2016 / Updated: September 8, 2016


Vulnerability identifier: #VU374
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-4967
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows attackers to get access to potentially sensitive information.

The vulnerability exists due to improper access control mechanisms when accessing the /script/cfg_show.php and /script/system/tcpdump.php scripts. A remote authenticated user can obtain potentially sensitive information, such as device configuration or PCAP files, by requesting the vulnerable scripts directly.

Successful exploitation of this vulnerability may allow attackers to access potentially sensitive data.
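
For detection, an added example (not part of the advisory or the vendor's code): it scans web access logs for direct requests to the two scripts named above and separates blocked attempts from requests that returned data. It assumes Combined Log Format logs from a proxy or sensor in front of the device's web interface; the function names and sample log lines are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Script paths named in the advisory.
SENSITIVE_PATHS = {"/script/cfg_show.php", "/script/system/tcpdump.php"}

# Combined Log Format (assumption: logs come from a proxy or sensor in this format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalize(target):
    """Drop the query string, percent-decode, and collapse '//' and '..' segments."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def find_direct_requests(lines):
    """Return {client_ip: [(timestamp, user, path, status, bytes), ...]} for the scripts."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        path = normalize(m["target"])
        if path in SENSITIVE_PATHS:
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["ip"]].append((m["ts"], m["user"], path, int(m["status"]), size))
    return dict(hits)

def served(hits):
    """Keep only hits answered 2xx with a non-empty body (data likely left the device)."""
    out = {}
    for ip, rows in hits.items():
        ok = [h for h in rows if 200 <= h[3] < 300 and h[4] > 0]
        if ok:
            out[ip] = ok
    return out

# Constructed sample log lines (documentation IP ranges, not from the advisory).
SAMPLE = [
    '198.51.100.7 - monitor [08/Sep/2016:10:01:02 +0000] "GET /script/cfg_show.php HTTP/1.1" 200 18342',
    '198.51.100.7 - monitor [08/Sep/2016:10:01:09 +0000] "GET /script/system/%74cpdump.php?x=1 HTTP/1.1" 200 52011',
    '203.0.113.4 - - [08/Sep/2016:10:02:00 +0000] "GET /script//system/../cfg_show.php HTTP/1.1" 403 0',
    '203.0.113.9 - admin [08/Sep/2016:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 911',
]

if __name__ == "__main__":
    for ip, rows in served(find_direct_requests(SAMPLE)).items():
        for ts, user, path, status, size in rows:
            print(f"{ts} {ip} user={user} {path} -> {status} ({size} bytes)")
```

Entries returned by `served` are the ones to review first, since a 2xx response with a body means configuration or capture data was returned to the client.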

How to mitigate CVE-2016-4967

Upgrade to 4.2.5 or above.

Sources