-
-
Save hamoshwani/6e207aa4ea513438cd75b97c1fc8abfe to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Security Advisory | |
Topic: Directory Traversal vulnerability in NEXSYS-ONE v.before Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request. | |
Category: NEXSYS-ONE | |
Module: VideoStream | |
Announced: 09-04-2024 | |
Credits: Ahmed Kameran --- https://twitter.com/hamoshwani | |
CVE ID: CVE-2024-31801 | |
Affects: NEXSYS-ONE - < Rev.15320 | |
Corrected: NEXSYS-ONE - > Rev.15320 | |
1. Background | |
CVE-2024-31801 denotes a Directory Traversal vulnerability discovered in versions of NEXSYS-ONE preceding Rev.15320. This flaw allows remote attackers to illicitly access sensitive information via meticulously crafted requests. | |
2. Problem Description | |
CVE-2024-31801 exposes a Directory Traversal vulnerability in NEXSYS-ONE prior to Rev.15320. | |
Attackers exploit a flaw in the Video Stream Component, injecting malicious file paths to access sensitive local files remotely. This leads to unauthorized disclosure of critical data, jeopardizing system confidentiality and integrity.e the injected payload that can lead to Local file read | |
Vulenrable models: VideoStream | |
3. Impact | |
The exploitation of CVE-2024-31801 in NEXSYS-ONE software versions preceding Rev.15320 results in severe information disclosure. Attackers can remotely access sensitive local files, compromising the confidentiality of critical data. | |
This breach undermines system integrity, potentially leading to further exploitation and data breaches. | |
4. Solution | |
To mitigate CVE-2024-31801, users should upgrade their NEXSYS-ONE software to versions released after Rev.15320. | |
These updated versions contain patches and security enhancements that address the Directory Traversal vulnerability, effectively safeguarding against remote exploitation and unauthorized information disclosure. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment