L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.
References
| Link | Resource |
|---|---|
| https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html | Third Party Advisory |
| https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:03
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html - Third Party Advisory |
03 Jul 2023, 17:37
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
L7-networks instantscan
L7-networks L7-networks instantqos |
|
| CPE | cpe:2.3:a:l7-networks:instantscan:is-8000:*:*:*:*:*:*:* cpe:2.3:a:l7-networks:instantqos:iq-8000:*:*:*:*:*:*:* |
|
| References | (CONFIRM) https://www.twcert.org.tw/en/cp-139-7189-5995e-2.html - Third Party Advisory |
16 Jun 2023, 05:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. |
16 Jun 2023, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-06-16 04:15
Updated : 2024-11-21 08:03
NVD link : CVE-2023-32752
Mitre link : CVE-2023-32752
CVE.ORG link : CVE-2023-32752
JSON object : View
Products Affected
l7-networks
- instantqos
- instantscan
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type