JPCERT-AT-2020-0044
JPCERT/CC
2020-12-02(Initial)
2020-12-11(Update)
Soliton Systems
[Important] Request of update to the latest version of FileZen (V4.2.2 and earlier)(Japanese)
https://www.soliton.co.jp/support/2020/004274.html
- FileZen V4.2.2 and earlier
Soliton Systems
[Important] Request of update to the latest version of FileZen (V4.2.2 and earlier) (Japanese)
https://www.soliton.co.jp/support/2020/004274.html
Soliton Systems
FileZen update pack/manual (Japanese)
https://www.soliton.co.jp/support/soliton/hardware/filezen/#updatepack
If you have any information regarding this alert, please contact JPCERT/CC.
2020-12-11 Updated "I. Overview", "II. Affected Products and Versions" and "IV. References"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2020-12-02(Initial)
2020-12-11(Update)
I. Overview
On December 2, 2020, Soliton Systems released information regarding update on the file data transfer appliance FileZen. Soliton Systems is recommending users of V4.2.2 and earlier versions of FileZen to update to the latest version as soon as possible. For more inforamation, please refer to the following URL.Soliton Systems
[Important] Request of update to the latest version of FileZen (V4.2.2 and earlier)(Japanese)
https://www.soliton.co.jp/support/2020/004274.html
Update: December 11, 2020 Update
On December 10, 2020, Soliton Systems released the detail information regarding this vulnerability.
Soliton Systems
[Important] FileZen directory traversal vulnerability (Japanese)
https://www.soliton.co.jp/support/2020/004278.html
FileZen contains a directory traversal vulnerability (CVE-2020-5639).A remote attacker leveraging this vulnerability may upload a crafted file in the specific directory in the product, then it may lead to an arbitrary OS command execution.
Soliton Systems
[Important] FileZen directory traversal vulnerability (Japanese)
https://www.soliton.co.jp/support/2020/004278.html
FileZen contains a directory traversal vulnerability (CVE-2020-5639).A remote attacker leveraging this vulnerability may upload a crafted file in the specific directory in the product, then it may lead to an arbitrary OS command execution.
II. Affected Products and Versions
The following products and versions are affected.- FileZen V4.2.2 and earlier
Update: December 11, 2020 Update
We updated the affected versions as Soliton Systems had updated their advisory.
- FileZen V3.0.0 to V4.2.2
- FileZen V3.0.0 to V4.2.2
III. Solution
Please update FileZen to the latest version provided by Soliton Systems.IV. References
Soliton Systems
[Important] Request of update to the latest version of FileZen (V4.2.2 and earlier) (Japanese)
https://www.soliton.co.jp/support/2020/004274.html
Soliton Systems
FileZen update pack/manual (Japanese)
https://www.soliton.co.jp/support/soliton/hardware/filezen/#updatepack
Update: December 11, 2020 Update
Soliton Systems
[Important] FileZen directory traversal vulnerability (Japanese)
https://www.soliton.co.jp/support/2020/004278.html
Japan Vulnerability Notes JVN#12884935
FileZen vulnerable to directory traversal
https://jvn.jp/en/jp/JVN12884935/
[Important] FileZen directory traversal vulnerability (Japanese)
https://www.soliton.co.jp/support/2020/004278.html
Japan Vulnerability Notes JVN#12884935
FileZen vulnerable to directory traversal
https://jvn.jp/en/jp/JVN12884935/
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2020-12-02 First edition2020-12-11 Updated "I. Overview", "II. Affected Products and Versions" and "IV. References"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/