This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
The firmware of the Zenitel Tcis-3 device improperly validates or sanitizes the file name passed during the upload operation. An attacker can embed malicious system commands in the file name, which are then executed by the device's operating system. This is a classic CWE-77 error (Improper Neutralization of Special Elements used in a Command), where untrusted data goes directly to the command interpreter.
An authenticated attacker can execute arbitrary commands at the operating system level of the device, leading to complete takeover of control, disclosure of confidential data, violation of system integrity, and potential disruption of its availability.
Patches available from the manufacturer should be applied according to references — firmware update to versions marked in the release notes of the 9.3 series (Turbine 9.3, VSF-Display 9.3, VSF-Fortitude6 9.3, VSF-Fortitude8 9.3, ZIPS 9.3) published by Zenitel
Zenitel Tcis-3 and Zenitel Tcis-3 Firmware — versions indicated in the manufacturer's references (release notes for Turbine 9.3, VSF-Display 9.3, VSF-Fortitude6 9.3, VSF-Fortitude8 9.3, ZIPS 9.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HZenitel Tcis 3
HWZenitelwszystkie wersjeZenitel Tcis 3 Firmware
OSZenitel< 9.2.3.3
Related vulnerabilities
Command injection w Zenitel TCIS-3 – wykonanie poleceń przez hostname
This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
RCE poprzez command injection w polu hostname urządzeń Zenitel ICx500/ICx510
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and d...
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file...