Xovis Security Bulletin 2018-003

Description

Xovis PC-series sensors firmware through 3.6.0 allow directory traversal.

Vulnerability Details

The PC-series sensor firmware is vulnerable to information disclosure via a directory traversal bug.

Affected Products and Versions

All PC-series sensor firmware versions up to 3.6.0.

Remediation/Fixes

Apply the PC-series sensor firmware 3.7.0 or newer.

Workarounds and Mitigations

None.

References

• MITRE: CVE-2018-11720
• CVSS: 9.5

Acknowledgements

Xovis would like to thank Ayushman Dutta for responsibly reporting this vulnerability to protect our customers.

History

• 2018-08-29: CVE publication
• 2018-07-04: Fix released, notification of customers
• 2018-06-04: CVE ID assigned
• 2018-05-23: Vulnerability reported