#VU6614 Path traversal in Miele Professional products - CVE-2017-7240
Published: May 22, 2017
Vulnerability identifier: #VU6614
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-7240
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
PG8536
PG8535
PG8528
PG8527
Software vendor:
Miele Professional
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the affected device.
The weakness exists due to path traversal. A remote attacker can use special elements in the pathname to resolve to a location outside of a restricted directory and view arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
Remediation
Update PG8527 to version 2.12, 2.52, 2.62, 2.64.
Update PG8528 to version 2.12, 2.61, 2.62, 2.64.
Update PG8535 to version 1.10, 1.14.
Update PG8536 to version 1.20, 1.24.