Mutare Security Advisory
Published Date: February 5, 2021
Revision Date: February 16, 2021
Unauthenticated Local File Inclusion to Remote Code Execution
Mutare Voice (EVM), Versions Affected 3.0.0-3.3.7
The Mutare Voice (EVM) web application suffers from an unauthenticated local file inclusion vulnerability. It leads to source code disclosure, allows server-side files to be dumped, and can be chained to remote code execution, giving an attacker complete control over the server.
The getfile.asp script returns the contents of a file named in a request parameter. This can be used to leak the source of application files, which can subsequently be leveraged to escalate to remote code execution.
As a workaround, the getfile.asp file can be removed from the application. It is used only for streaming voice files for playback via the browser.
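For readers who maintain a similar "serve a recording for playback" endpoint, the following is an added example (not code from Mutare's advisory or from the EVM product, and written in Python rather than classic ASP) of the check such an endpoint needs so that a file-name parameter cannot reach files outside the recordings directory or return non-media files such as .asp sources. The directory layout, file names and allowed extensions are constructed assumptions for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Constructed assumption: a playback endpoint only ever needs audio files.
ALLOWED_EXTENSIONS = {".wav", ".mp3"}


def resolve_voice_file(root: str, requested: str):
    """Return the absolute path of `requested` inside `root`, or None when the
    request must be refused (path traversal, absolute path, disallowed type,
    missing file). The caller serves the file only when a path is returned."""
    if not requested or "\x00" in requested:
        return None
    # Treat backslashes like forward slashes so the check behaves the same
    # way it would on a Windows/IIS host.
    normalized = requested.replace("\\", "/")
    if normalized.startswith("/") or ":" in normalized:
        return None  # absolute or drive-qualified path
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, normalized))
    # The resolved file must still lie within the recordings directory
    # (realpath collapses any ".." segments and symlinks before we compare).
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    # It must also be a playable media file, never a script or config file.
    if Path(candidate).suffix.lower() not in ALLOWED_EXTENSIONS:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def build_sample_root() -> str:
    """Create a constructed directory tree for the demonstration:
    <tmp>/voice/greeting.wav   legitimate recording
    <tmp>/voice/config.asp     server-side source that must never be served
    <tmp>/outside.txt          file outside the recordings directory"""
    base = tempfile.mkdtemp(prefix="evm-demo-")
    root = os.path.join(base, "voice")
    os.mkdir(root)
    Path(root, "greeting.wav").write_bytes(b"RIFF....WAVE")  # placeholder bytes
    Path(root, "config.asp").write_text("<% ' constructed placeholder %>")
    Path(base, "outside.txt").write_text("must never be served")
    return root


if __name__ == "__main__":
    root = build_sample_root()
    for name in ["greeting.wav", "config.asp", "../outside.txt",
                 "..\\outside.txt", "/etc/passwd"]:
        verdict = "serve" if resolve_voice_file(root, name) else "refuse"
        print(f"{name!r}: {verdict}")
```

The two checks are deliberately independent: the directory containment check stops traversal, and the extension allow-list stops disclosure of scripts that happen to live inside the recordings directory. Removing the endpoint entirely, as the advisory suggests, is simpler than getting either check right.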
Upgrading Mutare Voice (EVM) to release 3.3.8 fixes the vulnerability.
Mutare would like to thank Tesla for reporting this issue and working with Mutare to help protect our customers.