CVE-2019-16064

Published: Mar 19, 2020Modified: Nov 21, 2024

9.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Exploitability: 3.1 / Impact: 5.8

Source: NVD

Description

NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance.

Affected (1)

Products: Netsas: Enigma Network Management Solution

1 product

Enigma Network Management Solution

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Netsas Enigma Network Management Solution	Up to 65.0.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://www.mogozobo.com/?p=3647

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.mogozobo.com/?p=3647

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.