Affected Software: IPConfigure Orchid Core VMS (All versions < 2.0.6, tested on Linux and Windows) Vulnerability: Unauthenticated Privileged Directory Traversal CVE: CVE-2018-10956 Impact: Arbitrary File Read Access Metasploit module: https://github.com/nettitude/metasploit-modules/blob/master/orchid_core_vms_directory_traversal.rb Summary of Vulnerability IPConfigure Orchid Core VMS is a Video Management System that is vulnerable to a directory traversal attack, which allows underlying database access, access to camera feeds […]
Article Link: https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/