Multuiple GE Products CVE-2018-19003 Directory Traversal Vulnerability

Multiple GE Products are prone to a directory-traversal vulnerability.

Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks.

The following products are affected:

Mark VIe 03.03.28C through 05.02.04C,
Versions prior to EX2100e 04.09.00C
Versions prior to EX2100e_Reg 04.09.00C
Versions prior to LS2100e 04.09.00C

Information

Bugtraq ID: 106216
Class: Input Validation Error
CVE: CVE-2018-19003

Remote: Yes
Local: No
Published: Dec 13 2018 12:00AM
Updated: Dec 13 2018 12:00AM
Credit: Can Demirel of Biznet Bilisim
Vulnerable: Ge Mark VIe 05.02.04C
Ge Mark VIe 03.03.28C
Ge LS2100e 0
Ge EX2100e_Reg 0
Ge EX2100e 0

Not Vulnerable: Ge LS2100e 04.09.00C
Ge EX2100e_Reg 04.09.00C
Ge EX2100e 04.09.00C

Exploit

An attacker can exploit this issue using a web browser.

References:

GE Homepage (GE)
ICSA-18-347-04 GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e (CERT)

Source: www.securityfocus.com

Exploit Collector

Search Exploit