An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/96147 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01 | Patch Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/96147 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01 | Patch Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 03:27
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/96147 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-17-040-01 - Patch, Third Party Advisory, US Government Resource |
Information
Published : 2017-02-13 21:59
Updated : 2024-11-21 03:27
NVD link : CVE-2017-5168
Mitre link : CVE-2017-5168
CVE.ORG link : CVE-2017-5168
JSON object : View
Products Affected
hanwha-security
- smart_security_manager
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')