Intrusion PreventionArgus.Surveillance.DVR.WEBACCOUNT.CGI.Directory.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal vulnerability in Argus Surveillance DVR.
The vulnerability is caused by an improper validation of user supplied data when the vulnerable application handles a maliciously crafted request. An attacker can exploit this to gain access to sensitive information in the context of the vulnerable application via a crafted request.
Outbreak Alert
FortiGuard Labs observed actively targeted video surveillance systems which may be without any available patches. Some of the attack attempts were peaked to as much as 50,000 IPS devices in the month of April 2023.
Affected Products
Argus Surveillance DVR 4.0.0.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems
Recommended Actions
Currently we are unaware of any vendor supplied patch for this issue.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-06-06 | 14.627 | Severity:medium:high |
| 2018-10-31 | 13.482 | Default_action:pass:drop |
| 2018-09-28 | 13.460 |
| ID | 46946 |
| Created | Sep 28, 2018 |
| Updated | Jun 05, 2019 |
| Outbreak Alert | Multiple Vendor Camera System Attack |
| Risk |
|
| CVE ID | CVE-2018-15745 |
| Exploit Prediction Score | 94.58% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |