ID
VAR-201710-1448
TITLE
There are two arbitrary file upload vulnerabilities in the bunker fortress background
Trust: 0.6
DESCRIPTION
The bunker bastion machine is the industry's first software bastion machine, which provides single point functions of centralized identity authentication, centralized access authorization, centralized access management, centralized operation audit, and simplified operation and management required for remote operation and maintenance management. There are two arbitrary file upload vulnerabilities in the background system settings "Workflow Settings" and "System Upgrade Function" of the Bunker Fortress Machine, allowing attackers to upload a webshell and gain server permissions.
Trust: 0.6
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | weifangtong information | model: | bunker fortress | scope: | eq | version: | v2.26 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
PATCH
| title: | Bunker Fortress CMS Has Arbitrary File Upload Vulnerability | url: | https://www.cnvd.org.cn/patchinfo/show/100784 | Trust: 0.6 |
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2017-25413 | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2017-25413 |
LAST UPDATE DATE
2022-05-04T10:16:09.231000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-25413 | date: | 2017-09-28T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-25413 | date: | 2017-10-09T00:00:00 |