Vulnerability Details CVE-2017-16788
Directory traversal vulnerability in the "Upload Groupkey" functionality in the Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with Admin-User access to write to arbitrary files and consequently gain root privileges by uploading a file, as demonstrated by storing a file in the cron.d directory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 79.1%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 9.0
References
Products affected by CVE-2017-16788
-
cpe:2.3:o:meinbergglobal:lantime:-
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.009
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.010
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.16.011
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.17.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.009
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.010
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.011
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.012
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.013
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.014
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.015
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.016
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.017
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.18.018
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.19.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.007
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.008
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.009
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.010
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.011
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.012
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.013
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.014
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.015
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.016
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.017
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.018
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.019
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.020
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.021
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.022
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.20.023
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.003
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.004
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.005
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.22.006
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.24.001
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.24.002
-
cpe:2.3:o:meinbergglobal:lantime_firmware:6.24.003