Severity
High
Analysis Summary
CVE-2020-25237
When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. An attacker could exploit this vulnerability to create or overwrite arbitrary files on an affected system.
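The missing check described above, as an added Python example (not Siemens code and not part of the original advisory): every entry's resolved path is compared against the target directory before anything is written. The names `safe_extract`, `build_zip` and `UnsafeArchiveError`, and the sample entry names, are constructed for illustration.

```python
import io
import os
import tempfile
import zipfile


class UnsafeArchiveError(Exception):
    """An archive entry would be written outside the target directory."""


def safe_extract(zip_bytes, target_dir):
    """Extract an uploaded zip; refuse entries that escape target_dir."""
    root = os.path.realpath(target_dir)
    plan = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validate every entry first so a rejected archive writes nothing.
        for info in zf.infolist():
            # Normalise "\" separators; "../" sequences and absolute
            # names both resolve to a path outside root.
            name = info.filename.replace("\\", "/")
            dest = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, dest]) != root:
                raise UnsafeArchiveError(f"escapes target: {info.filename!r}")
            plan.append((info, dest))
        written = []
        for info, dest in plan:
            os.makedirs(dest if info.is_dir() else os.path.dirname(dest), exist_ok=True)
            if not info.is_dir():
                with zf.open(info) as src, open(dest, "wb") as out:
                    out.write(src.read())
                written.append(dest)
    return written


def build_zip(entries):
    """Build a constructed sample archive in memory (demo input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(safe_extract(build_zip({"conf/site.xml": b"ok"}), d))
        try:
            safe_extract(build_zip({"../../evil.txt": b"x"}), d)
        except UnsafeArchiveError as e:
            print("rejected:", e)
```

Validating the whole archive before writing means a single bad entry rejects the upload without leaving earlier entries on disk.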
Impact
Arbitrary code execution
Affected Vendors
Siemens
Affected Products
- SINEC NMS: All versions prior to v1.0 SP1 Update 1
- SINEMA Server: All versions prior to v14.0 SP2 Update 2
Remediation
Siemens recommends users update their products to the latest version.