CVE-2017-20021
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.
-
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-
09/06/2022
Operating Systems 8
So
Solar-Log 250 Firmware
by Solar-Log
2 Versions
2 months ago
So
Solar-Log 300 Firmware
by Solar-Log
2 Versions
2 months ago
So
Solar-Log 500 Firmware
by Solar-Log
10 Versions
2 months ago
So
Solar-Log 800E Firmware
by Solar-Log
2 Versions
2 months ago
So
Solar-Log 1000 Firmware
by Solar-Log
2 Versions
2 months ago
So
Solar-Log 1000 PM+ Firmware
by Solar-Log
2 Versions
2 months ago
So
Solar-Log 1200 Firmware
by Solar-Log
2 Versions
2 months ago
So
Solar-Log 2000 Firmware
by Solar-Log
2 Versions
2 months ago
Vulnerability Categories 1
Unrestricted Upload of File with Dangerous Type
Advisory Links 2
http://www.vicarius.io
is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the
Website is purely for informational, and educational purposes and should be independently
verified and confirmed. Vicarius does not accept any liability for any loss or damage
whatsoever caused in reliance upon such information or services. No statements or information
presented in any form by Vicarius is intended as fact, and you agree that you will not
consider the statements or information presented on the Website as fact or as a guarantee of
performance.
Related CVEs
Security Research Topics
By John Kilhefner
Aug 09, 2022
Analyzing the Quantum Threat
This isn’t just another “next step” of computing… The application of emerging quantum computing tech in the cybersecurity industry will result in arguably the most significant disruption the world has ever seen. Just how can a new evolution of computing do all this? Through the strange world of quantum mechanics.
By Michael Assraf
Aug 08, 2022
An Origin Story: vsociety
Welcome to vsociety – the open, independent, and user-centered community with features built specifically to make vulnerability research shareable and actionable at scale. We don't make many self-posts, but wanted to share our origins with you...
By M /
Aug 08, 2022
Exploiting Google SLO Generator with Python YAML Deserialization Attack
In this blog post, we will be detailing a new vector to exploit a vulnerable version of Google SLO Generator, a widely used Python library publicly available on Github. In other words, we will be searching for an older version that we can exploit to highlight the importance of keeping software packages up to date.
By John Kilhefner
Aug 08, 2022
Blockchain Security -- The New Threat. Part 1.
A new threat is on the horizon. And this new paradigm promises to be the most profound shift for security professionals since the dot-com boom of the nineties.
I’m talking about blockchains and decentralized economies in the 2020s. To get a sense for the scope of change in front of us, we need to take a trip down memory lane – to the advent of the internet.
By Kent Weigle
Aug 05, 2022
CISAnalysis 05 August 2022
CVE-2022-27924, a vulnerability published in May 2022, has been added to CISA's Known Exploited Vulnerabilities Catalog.
Start Closing Security Gaps
- Risk reduction from Day 1
- Fast set-up and deployment
- Unified platform
- Full-featured 30-day trial