Vulnerability identifier: #VU16537
Vulnerability risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID: CWE-22
Exploitation vector: Local network
Exploit availability: No
Vulnerable software:
LS2100e (Hardware solutions / Office equipment, IP-phones, print servers)
EX2100e_Reg (Hardware solutions / Office equipment, IP-phones, print servers)
EX2100e (Hardware solutions / Office equipment, IP-phones, print servers)
Mark VIe (Hardware solutions / Office equipment, IP-phones, print servers)
Vendor: GE
Description
The vulnerability allows an adjacent unauthenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to improper restriction of access to restricted information. An adjacent attacker can conduct a directory traversal attack and gain access to potentially sensitive information.
Mitigation
Update the affected products to the latest versions.
Vulnerable software versions
LS2100e: All versions
EX2100e_Reg: All versions
EX2100e: All versions
Mark VIe: All versions
External links
http://ics-cert.us-cert.gov/advisories/ICSA-18-347-04
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.