Directory traversal

2020-10-2819:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.6%

JSON

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.

CPENameOperatorVersion
q-sys_core_managereq8.2.1

CPE	Name	Operator	Version
	q-sys_core_manager	eq	8.2.1

References

packetstormsecurity.com/files/159699/QSC-Q-SYS-Core-Manager-8.2.1-Directory-Traversal.html

seclists.org/fulldisclosure/2020/Oct/30

q-syshelp.qsc.com/Content/Core_Manager/CoreManager_Overview.htm