CVE ID | |
CVSS SCORE | 7.8, AV:N/AC:L/Au:N/C:C/I:N/A:N |
AFFECTED VENDORS |
SolarWinds |
AFFECTED PRODUCTS |
Firewall Security Manager |
VULNERABILITY DETAILS |
The specific flaw exists within the FSMWebService service. The issue lies within the DownloadFileServlet servlet, which fails to prevent directory traversal in all of its parameters. An attacker can leverage this vulnerability to retrieve arbitrary files as the SYSTEM user. |
ADDITIONAL DETAILS |
SolarWinds has issued an update to correct this vulnerability. More details can be found at:
http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm |
DISCLOSURE TIMELINE |
|
CREDIT | Andrea Micalizzi aka rgod |
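
The vulnerability details above describe a download servlet that accepts traversal sequences in every parameter. The following is an added example of the corresponding server-side check, not SolarWinds code and not part of the original advisory; the class name, method name, and sample paths are hypothetical, and it assumes Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

// Added illustration; SafeDownload, resolveInside and the sample paths are hypothetical.
public class SafeDownload {

    // Resolve request-supplied components under baseDir, or throw SecurityException.
    static Path resolveInside(Path baseDir, String... parts) throws IOException {
        Path base = baseDir.toRealPath();              // canonical root, symlinks resolved
        Path candidate = base;
        for (String part : parts) {                    // every parameter is untrusted
            if (part == null || part.isEmpty() || part.indexOf('\0') >= 0) {
                throw new SecurityException("empty or malformed parameter");
            }
            Path p;
            try {
                p = Path.of(part);
            } catch (InvalidPathException e) {
                throw new SecurityException("unparseable parameter");
            }
            if (p.getRoot() != null) {                 // "/x", "\x", "C:\x" and "C:x"
                throw new SecurityException("rooted path in parameter");
            }
            candidate = candidate.resolve(p);
        }
        // Collapse "." and ".." first, then follow symlinks when the target exists.
        Path normalized = candidate.normalize();
        Path resolved = Files.exists(normalized) ? normalized.toRealPath() : normalized;
        // Path.startsWith compares whole components, so "/data/reports-old"
        // does not pass as being inside "/data/reports".
        if (!resolved.startsWith(base)) {
            throw new SecurityException("path escapes download directory");
        }
        return resolved;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("reports");   // constructed sample root
        Files.createDirectories(base.resolve("2024"));
        Files.writeString(base.resolve("2024").resolve("audit.txt"), "ok");
        String[][] requests = {                             // constructed sample inputs
            {"2024", "audit.txt"}, {"2024", "../../secret.txt"},
            {"..", "audit.txt"}, {"/etc", "hosts"},
        };
        for (String[] r : requests) {
            try {
                System.out.println("served:  " + resolveInside(base, r));
            } catch (SecurityException e) {
                System.out.println("blocked: " + String.join(",", r) + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first constructed request is served; the other three are rejected before any file is opened. Running the service under a low-privilege account instead of SYSTEM limits what a missed check can expose.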