Vulnerability Description
NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By exploiting this vulnerability, it is possible for an attacker to list operating-system directory contents on the server, create directories and upload files in permissible locations, and modify filenames and delete files that are accessible by the user running the web server instance.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netsas | Enigma Network Management Solution | <= 65.0.0 |
Related Weaknesses (CWE)
References
- https://www.mogozobo.com/?p=3647ExploitThird Party Advisory
- https://www.mogozobo.com/?p=3647ExploitThird Party Advisory
FAQ
What is CVE-2019-16064?
CVE-2019-16064 is a vulnerability with a CVSS score of 9.6 (CRITICAL). NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal vulnerability that can allow an authenticated user to access files and directories stored outside of the web root folder. By explo...
How severe is CVE-2019-16064?
CVE-2019-16064 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-16064?
Check the references section above for vendor advisories and patch information. Affected products include: Netsas Enigma Network Management Solution.