CVE Vulnerability

CVE-2021-34820

Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was discovered in the NMS (Novus Management System) software through 1.51.2

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/163453/Novus-Management-System-Directory-Traversal-Cross-Site-Scripting.html Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Jul/20 Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:aat:novus_management_system:*:*:*:*:*:*:*:*
Information

Published : 2021-07-19 06:15

Updated : 2021-07-28 06:29

NVD link : CVE-2021-34820

Mitre link : CVE-2021-34820

Products Affected
No products.
CWE
CWE-22