// For flags

CVE-2018-10615

GE MDS PulseNET FileServlet Directory Traversal Information Disclosure Vulnerability

Severity Score

8.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform.

Un salto de directorio podrĂ­a conducir a que los archivos se exfiltren o eliminen de GE MDS PulseNET y MDS PulseNET Enterprise en versiones 3.2.1 y anteriores.

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
The specific flaw exists within the FileServlet servlet. When parsing the name parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose information under the context of the current service.

*Credits: rgod
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-05-01 CVE Reserved
  • 2018-06-04 CVE Published
  • 2024-09-16 CVE Updated
  • 2025-02-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-23: Relative Path Traversal
CAPEC
References (2)
URL Tag Source
http://www.securityfocus.com/bid/104377 Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Ge
Search vendor "Ge"
 Mds Pulsenet
Search vendor "Ge" for product "Mds Pulsenet"
 <= 3.2.1
Search vendor "Ge" for product "Mds Pulsenet" and version " <= 3.2.1"
-
Affected
Ge
Search vendor "Ge"
 Mds Pulsenet
Search vendor "Ge" for product "Mds Pulsenet"
 <= 3.2.1
Search vendor "Ge" for product "Mds Pulsenet" and version " <= 3.2.1"
enterprise
Affected