HomePentest-Tools.com Logo

Argus Surveillance DVR 4.0.0.0 - Local File Inclusion CVE-2018-15745

Severity
CVSSv3 Score
7.5
Vulnerability description

Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.\n

Risk description

The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Recommendation

Upgrade to a patched version of Argus Surveillance DVR.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Aug 30, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available