Openwsman opwnswand Daemon Working Directory Arbitrary File Disclosure Vulnerability

By GIXnews

A vulnerability in the opwnswand daemon of Openwsman could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

The vulnerability exists because the working directory of the opwnswand daemon is set to the root directory. An attacker could exploit this vulnerability by sending an HTTP request that submits malicious input to the targeted system. A successful exploit could allow the attacker to access arbitrary files on the system, which could be used to conduct further attacks.

Openwsman has not confirmed the vulnerability and software updates are not available.

Security Impact Rating: High

CVE: CVE-2019-3816

Source:: Cisco Multivendor Vulnerability Alerts