CVE-2019-12310

CRITICAL

ExaGrid <4.8.1.1044.P50 - Path Traversal

Title source: llm
STIX 2.1

Description

ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device.

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0325
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
exagrid/backup_appliance_firmware 48.1.1044.p50
Published Jun 03, 2019
Tracked Since Feb 18, 2026