| |
Vulnerability CVE-2014-2276
Published: 2014-03-21
Description: |
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file. |
See advisories in our WLB2 database: | Topic | Author | Date |
Low |
| Bluesea | 20.03.2014 |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|