Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections.
Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.
AnalysisAI
A security vulnerability in SFTP service in Infinera G42 (CVSS 6.5) that allows remote authenticated users. Remediation should follow standard vulnerability management procedures.
Technical ContextAI
Vulnerability type not specified by vendor. Affects SFTP service in Infinera G42.
RemediationAI
Monitor vendor channels for patch availability.
More in G42 Firmware
View allA path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated u
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low pri
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users
A security vulnerability in the WebGUI for CLI deactivation in Infinera G42 (CVSS 4.9) that allows an authenticated admi
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-19705