Overview
- Description
- A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web user interface fails to prevent access to critical files that non administrative users should not have access to, which could allow an attacker to create or modify files or execute arbitrary code.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:loytec:lvis-3me_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1420D89A-7473-467E-92D5-5B338A3F124A",
"versionEndIncluding": "6.1.1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:loytec:lvis-3me:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EB324A4A-8D41-41AE-A7E0-92A8A8ABD0E6"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]