Intrusion Prevention

IP3.NetAccess.Getfile.CGI.Directory.Traversal

Description

This indicates an attack attempt against a remote command-execution vulnerability in IP3 NetAccess web server.
A vulnerability has been reported in IP3 NetAccess web server that may allow an attacker to read arbitrary files on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "filename" parameter value that is passed to "getfile.cgi". An attacker may browser arbitrary files by sending a crafted HTTP request.

Affected Products

IP3 Networks NA 4.0

Impact

System Compromise: Remote attackers can execute arbitrary code in vulnerable systems.

Recommended Actions

Currently we are not aware of any officially supplied patch for this issue.

CVE References

CVE-2002-0683