Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.
Credits
Ștefania POPESCU - Team Lead, Security @ Bitdefender
Ionuț LALU - Security Engineer @ Bitdefender
Cristian BUZA - Security Engineer @ Bitdefender
Alexandru LAZĂR - Security Researcher @ Bitdefender
