Rewterz Threat Advisory – CVE-2020-3382 – Critical Vulnerabilities in Cisco’s DCNM and SD-WAN vManage software
July 30, 2020Rewterz Threat Alert – GuLoader Resurfaces in a Malspam Campaign
August 3, 2020Rewterz Threat Advisory – CVE-2020-3382 – Critical Vulnerabilities in Cisco’s DCNM and SD-WAN vManage software
July 30, 2020Rewterz Threat Alert – GuLoader Resurfaces in a Malspam Campaign
August 3, 2020Severity
Medium
Analysis Summary
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information. An HTTP request to the unprotected API could be used to determine whether an arbitrary file path exists on the filesystem. No authentication is required to perform this exploit.
Impact
Access to sensitive information
Affected Vendors
Inductive Automation
Affected Products
Inductive Automation Ignition 8 All versions prior to 8.0.13
Remediation
Inductive Automation recommends users upgrade the Ignition software to v8.0.13