A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/100452 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 | Mitigation Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/42543/ | Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/100452 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 | Mitigation Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/42543/ | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:36
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/100452 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-17-234-01 - Mitigation, Third Party Advisory, US Government Resource | |
References | () https://www.exploit-db.com/exploits/42543/ - Third Party Advisory, VDB Entry |
27 Jul 2021, 19:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:carrier:automatedlogic_webctrl:*:*:*:*:*:*:*:* |
Information
Published : 2017-08-25 19:29
Updated : 2024-11-21 03:36
NVD link : CVE-2017-9640
Mitre link : CVE-2017-9640
CVE.ORG link : CVE-2017-9640
JSON object : View
Products Affected
carrier
- automatedlogic_webctrl
automatedlogic
- sitescan_web
- i-vu
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')