Vulnerability Description
A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Loytec | Lvis-3Me Firmware | <= 6.1.1 |
| Loytec | Lvis-3Me | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100847Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100847Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-17-257-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-13996?
CVE-2017-13996 is a vulnerability with a CVSS score of 8.8 (HIGH). A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not hav...
How severe is CVE-2017-13996?
CVE-2017-13996 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13996?
Check the references section above for vendor advisories and patch information. Affected products include: Loytec Lvis-3Me Firmware, Loytec Lvis-3Me.