An arbitrary file deletion vulnerability in the IEI Integration Corp iVEC-IEI system allows authenticated attackers to destroy critical system files and cause service disruption.

This vulnerability involves improper validation of file paths, allowing an authenticated remote attacker to delete arbitrary system files or directories on the underlying host.

With a CVSS score of 8.1, this flaw represents a significant risk to system availability and data integrity. Successful exploitation could lead to the deletion of critical system configuration files, resulting in permanent service disruption and potential loss of operational data.

Immediate Action: Apply the latest firmware or security updates provided by IEI Integration Corp.

Proactive Monitoring: Monitor system logs for unauthorized file deletion commands or suspicious administrative activity targeting critical system paths.

Compensating Controls: Implement strict access controls and ensure that the administrative interface for the edge computer is not exposed to the public internet.

Public Exploit Available: False

The potential for complete system disruption makes this vulnerability a high priority for remediation. Administrators should verify their current firmware version and apply the vendor-recommended patch to prevent unauthorized file manipulation.