Lucene search

CiscoCVE-2014-0666

HistoryJan 16, 2014 - 7:55 p.m.

CVE-2014-0666

2014-01-1619:55:04

CWE-22

cisco

web.nvd.nist.gov

cisco

jabber

cve

2014

0666

directory traversal

vulnerability

nvd

bug id

cscug48056

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.026

Percentile

90.3%

JSON

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

Affected configurations

Nvd

Node

ciscojabberRange≤9.2\(.1\)---windows

ciscojabberMatch9.0---windows

ciscojabberMatch9.0\(.0\)---windows

ciscojabberMatch9.0\(.1\)---windows

ciscojabberMatch9.0\(.2\)---windows

ciscojabberMatch9.0\(.3\)---windows

ciscojabberMatch9.0\(.4\)---windows

ciscojabberMatch9.0\(.5\)---windows

ciscojabberMatch9.1---windows

ciscojabberMatch9.1\(.0\)---windows

ciscojabberMatch9.1\(.1\)---windows

ciscojabberMatch9.1\(.2\)---windows

ciscojabberMatch9.1\(.3\)---windows

ciscojabberMatch9.1\(.4\)---windows

ciscojabberMatch9.1\(.5\)---windows

ciscojabberMatch9.2---windows

ciscojabberMatch9.2\(.0\)---windows

VendorProductVersionCPE
ciscojabber*cpe:2.3:a:cisco:jabber:*:-:-:*:-:windows:*:*
ciscojabber9.0cpe:2.3:a:cisco:jabber:9.0:-:-:*:-:windows:*:*
ciscojabber9.0(.0)cpe:2.3:a:cisco:jabber:9.0\(.0\):-:-:*:-:windows:*:*
ciscojabber9.0(.1)cpe:2.3:a:cisco:jabber:9.0\(.1\):-:-:*:-:windows:*:*
ciscojabber9.0(.2)cpe:2.3:a:cisco:jabber:9.0\(.2\):-:-:*:-:windows:*:*
ciscojabber9.0(.3)cpe:2.3:a:cisco:jabber:9.0\(.3\):-:-:*:-:windows:*:*
ciscojabber9.0(.4)cpe:2.3:a:cisco:jabber:9.0\(.4\):-:-:*:-:windows:*:*
ciscojabber9.0(.5)cpe:2.3:a:cisco:jabber:9.0\(.5\):-:-:*:-:windows:*:*
ciscojabber9.1cpe:2.3:a:cisco:jabber:9.1:-:-:*:-:windows:*:*
ciscojabber9.1(.0)cpe:2.3:a:cisco:jabber:9.1\(.0\):-:-:*:-:windows:*:*

Vendor	Product	Version	CPE
cisco	jabber	*	cpe:2.3:a:cisco:jabber::-:-::-:windows::
cisco	jabber	9.0	cpe:2.3:a:cisco:jabber:9.0:-:-::-:windows::*
cisco	jabber	9.0(.0)	cpe:2.3:a:cisco:jabber:9.0\(.0\):-:-::-:windows::*
cisco	jabber	9.0(.1)	cpe:2.3:a:cisco:jabber:9.0\(.1\):-:-::-:windows::*
cisco	jabber	9.0(.2)	cpe:2.3:a:cisco:jabber:9.0\(.2\):-:-::-:windows::*
cisco	jabber	9.0(.3)	cpe:2.3:a:cisco:jabber:9.0\(.3\):-:-::-:windows::*
cisco	jabber	9.0(.4)	cpe:2.3:a:cisco:jabber:9.0\(.4\):-:-::-:windows::*
cisco	jabber	9.0(.5)	cpe:2.3:a:cisco:jabber:9.0\(.5\):-:-::-:windows::*
cisco	jabber	9.1	cpe:2.3:a:cisco:jabber:9.1:-:-::-:windows::*
cisco	jabber	9.1(.0)	cpe:2.3:a:cisco:jabber:9.1\(.0\):-:-::-:windows::*

Rows per page:

1-10 of 171

References

osvdb.org/102122

secunia.com/advisories/56331

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666

tools.cisco.com/security/center/viewAlert.x?alertId=32451

www.securityfocus.com/bid/64965

www.securitytracker.com/id/1029635

exchange.xforce.ibmcloud.com/vulnerabilities/90435

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.026

Percentile

90.3%

JSON

Related for CVE-2014-0666