CVE-2014-0666

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://tools.cisco.com/security/center/viewAlert.x?alertId=32451	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666	Vendor Advisory
http://www.securityfocus.com/bid/64965	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029635	Third Party Advisory VDB Entry
http://secunia.com/advisories/56331
http://osvdb.org/102122
https://exchange.xforce.ibmcloud.com/vulnerabilities/90435

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:jabber:9.1\(.4\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.1\(.3\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0\(.3\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0\(.2\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0\(.1\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber::-:-::-:windows::
	cpe:2.3:a:cisco:jabber:9.2\(.0\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.1\(.0\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.1:-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.1\(.2\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.1\(.1\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0\(.4\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0:-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.1\(.5\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.2:-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0\(.0\):-:-::-:windows::*
	cpe:2.3:a:cisco:jabber:9.0\(.5\):-:-::-:windows::*

Information

Published : 2014-01-16 11:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-0666

Mitre link : CVE-2014-0666

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

Products Affected

cisco

jabber

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32451", "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32451", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666", "name": "20140115 Cisco Jabber for Windows Remote Code Execution Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/64965", "name": "64965", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1029635", "name": "1029635", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/56331", "name": "56331", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/102122", "name": "102122", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90435", "name": "cisco-jabber-cve20140666-code-exec(90435)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0666", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-01-16T19:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1\\(.4\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1\\(.3\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0\\(.3\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0\\(.2\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0\\(.1\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:*:-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "9.2\\(.1\\)"}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.2\\(.0\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1\\(.0\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1:-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1\\(.2\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1\\(.1\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0\\(.4\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0:-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.1\\(.5\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.2:-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0\\(.0\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:jabber:9.0\\(.5\\):-:-:*:-:windows:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}