Path traversal in Miele Professional products - CVE-2017-7240
Published: May 22, 2017
Vulnerability identifier: #VU6614
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-7240
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Miele Professional
Affected software:
PG8536
PG8535
PG8528
PG8527
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the affected device.
The weakness exists due to path traversal. A remote attacker can use special elements in the pathname to resolve to a location outside of a restricted directory and view arbitrary files on the system.
Successful exploitation of the vulnerability results in information disclosure.
How to mitigate CVE-2017-7240
Update PG8527 to version 2.12, 2.52, 2.62, 2.64.
Update PG8528 to version 2.12, 2.61, 2.62, 2.64.
Update PG8535 to version 1.10, 1.14.
Update PG8536 to version 1.20, 1.24.