IP3.NetAccess.Getfile.CGI.Directory.Traversal
Description
This indicates an attack attempt against a remote command-execution vulnerability in IP3 NetAccess web server.
A vulnerability has been reported in IP3 NetAccess web server that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value that is passed to "getfile.cgi". An attacker may browser arbitrary files by sending a crafted HTTP request.
Affected Products
IP3 Networks NA 4.0
Impact
System Compromise: Remote attackers can execute arbitrary code in vulnerable systems.
Recommended Actions
Currently we are not aware of any officially supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |