Directory Traversal Vulnerability in ServersCheck Monitoring Software Allows Denial of Service

Directory Traversal Vulnerability in ServersCheck Monitoring Software Allows Denial of Service

CVE-2018-18552 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, this behavior comes from a Directory Traversal bug (via the sensor_details.html id parameter) that allows creating empty files in arbitrary directories.

Learn more about our User Device Pen Test.