Share
## https://sploitus.com/exploit?id=PACKETSTORM:155504
-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256  
  
=============================================  
CVEID: CVE-2019-18922  
NAME OF AFFECTED PRODUCT: Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047]  
PROBLEM TYPE: Directory Traversal  
DESCRIPTION: A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request.   
NOTE: This is an End-of-Life product.  
  
=============================================  
  
I. VULNERABILITY  
- -------------------------  
The Allied Telesis AT-GS950/8 Network Switch with Firmware until AT-S107 V.1.1.3 [1.00.047]  
is confirmed to have an Directory Traversal Vulnerability.  
  
II. BACKGROUND  
- -------------------------  
The AT-S107 Firmware is used for Configuration through an Web-Interface.  
  
III. DESCRIPTION  
- -------------------------  
A GET-Request with the Path http://[IP]/../../../../../../etc/passwd shows the File-Content.  
  
V. BUSINESS IMPACT  
- -------------------------  
A Attacker can read arbitrary System-Files.  
  
  
VI. SYSTEMS AFFECTED  
- -------------------------  
Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047].  
  
VII. CREDITS  
- -------------------------  
The Vulnerability has been discovered by the Security-Team at the University Bayreuth. [N. H. Sprenger, Dr. H. Benda].  
  
VIII. LEGAL NOTICES  
- -------------------------  
The information contained within this advisory is supplied "as-is" with no   
warranties or guarantees of fitness of use or otherwise.  
  
=============================================  
-----BEGIN PGP SIGNATURE-----  
  
iQEzBAEBCAAdFiEEJliv/QRedf6UzVmWtNym7A91fYQFAl3ftoYACgkQtNym7A91  
fYQvcwgAqSC6BU4EFbZvSX/mFecjeEIwphIgEp3n1QPb2gwwJHA3DGYdWNzp05YD  
ZytxPofVoH+bWxZWun7vMi0c4HhZHPM3CJaJmcMoahSI2FEFfytQYbhcN/oWLCl+  
ahc1J062wj2lnwh7gmLrdUX0RD2oM0VVnaU4gNAYMykVGTuQVVjTi2YwHFysaz1T  
zEJQXOHxrdUC4BPgaYdimpmJts4M6IxCghYRWsMOTObKFlmfMVMQpsc+OgKF34U2  
aWRJQq05AE4FYYYHg81pFVcjVWRQ8ZOObEl4OgwTCY+vWwMS0BK4MZXMQkvB0y8t  
b6hbNAeasEaQ4g3SrzTe5273F7HF9g==  
=ZqDR  
-----END PGP SIGNATURE-----