Vulnerability Description
A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alliedtelesis | At-Gs950/8 Firmware | < 1.00.047 |
| Alliedtelesis | At-Gs950/8 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155504/Allied-Telesis-AT-GS950-8-Directory- (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2019/Nov/31 (Mailing List, Third Party Advisory)
- https://pastebin.com/dpEGKUGz (Third Party Advisory)
FAQ
What is CVE-2019-18922?
CVE-2019-18922 is a vulnerability with a CVSS score of 7.5 (HIGH). A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request....
How severe is CVE-2019-18922?
CVE-2019-18922 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-18922?
Check the references section above for vendor advisories and patch information. Affected products include: Alliedtelesis At-Gs950/8 Firmware, Alliedtelesis At-Gs950/8.