[CVE-2014-0780] InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

CISA KEV 정보

취약점명	InduSoft Web Studio NTWebServer Directory Traversal Vulnerability
설명	InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.
조치사항	Apply updates per vendor instructions.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-22
등록일 (KEV)	2022-04-15
조치 기한	2022-05-06
추가 참고	https://nvd.nist.gov/vuln/detail/CVE-2014-0780

NVD 상세 정보

CVSS v3.1: 9.8 CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

설명: Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 7.1 before SP2 Patch 4 allows remote attackers to read administrative passwords in APP files, and consequently execute arbitrary code, via unspecified web requests.

CWE: CWE-22 | CWE-22 | CWE-22

참조

http://download.indusoft.com/71.2.4/IWS71.2.4.zip
http://www.securityfocus.com/bid/67056 [Broken Link, Third Party Advisory, VDB Entry]
https://www.cisa.gov/news-events/ics-advisories/icsa-14-107-02
https://www.exploit-db.com/exploits/42699/ [Exploit, Third Party Advisory, VDB Entry]
http://ics-cert.us-cert.gov/advisories/ICSA-14-107-02 [Patch, Third Party Advisory, US Government Resource]
http://www.securityfocus.com/bid/67056 [Broken Link, Third Party Advisory, VDB Entry]
https://www.exploit-db.com/exploits/42699/ [Exploit, Third Party Advisory, VDB Entry]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-0780

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2014-0780] InduSoft Web Studio NTWebServer Directory Traversal Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍