-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > [Suggested description] > An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing > the TFTP service running on UDP port 69, a remote attacker can perform > a directory traversal and obtain operating system files via a TFTP > GET request, as demonstrated by reading /etc/passwd or /proc/version. > > ------------------------------------------ > > [Vulnerability Type] > Directory Traversal > > ------------------------------------------ > > [Vendor of Product] > QSC LLC > > ------------------------------------------ > > [Affected Product Code Base] > Q-SYS Core Manager - Version 8.2.1 > > ------------------------------------------ > > [Affected Component] > TFTP Service running on UDP port 69 allows for retrieval of arbitrary files through a TFTP GET request > > ------------------------------------------ > > [Attack Type] > Remote > > ------------------------------------------ > > [Impact Information Disclosure] > true > > ------------------------------------------ > > [Attack Vectors] > Remote while unauthenticated to the system > > ------------------------------------------ > > [Reference] > https://q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm > > ------------------------------------------ > > [Discoverer] > Kevin Randall
Use CVE-2020-24990. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJfSxDzAAoJEPNX0OmQPkAIU6QP/3XYuB5gkkSYni0mNCr0YHd4 2Y0U0I/ys/18TwlSrleFxFpbvftEVJ5AMF8h2wxdWOQIUUfO+H9nyzn8SPtczjA1 0UQaGAVXaStWpEjfEa6Q/yCo0Vs/VcmC9kZMFlXafWO4NL62ebJJkJpN+YuePo2q c549Yz6r4KwqhQg92rkd/LsW9n4KS0SBiedN4s8BAqE5N6YSmGO1/y89oeem/UCX qBR1yp0b7ji/FYSJZ96ERn5jcrEhz4SlybIsplT141NZKip0JiUHWTySNGo3vawH gs5hrZHfSv+vIICNB4PhLlrjZYF0l3oyOjTexkTEAb8FebQDZ/Q2WyMfWmetih1V 6JHg5WGwWiI9p8M5BYR1MjtIZi7cVSwHam6oCMio8stsSaObZRYRjG9ad9lu1B48 JxI7xZIjlpAU/lO6vzWIsoGpIPZtPrZD9cqen4FrDZSW2Peezv2AWocmG7wRAPPo q+W2tQitsuXFrBo8dGnwklQk5TjA/rKRTEV+A3BsSFXqCsG+NEcZb0LaTwuRsVyI tRaO59zsuMgMy4g8JNHri+yOYSf++yUeaAPffTLMuBbfJYU5NYKq9QVG5tHVtc8t vXWz848rvXw+tFEW7B1oGp05HwF0X22/y2kdxuFVvFyYSodbYSOmdjbmbTHBbn4a 0w2kvZkGMiKcZsOKowWI =7DTq -----END PGP SIGNATURE----- -- Kevin Randall _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
