Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Riverbed SteelHead VCX Authenticated Arbitrary File Read via Log Filter Injection
Vulnerability Description
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Riverbed SteelHead VCX 信息泄露漏洞
Vulnerability Description
Riverbed SteelHead VCX是美国Riverbed公司的一个广域网优化软件。 Riverbed SteelHead VCX 9.6.0a版本存在安全漏洞,该漏洞源于日志过滤功能中的路径遍历问题,可能导致任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A