Vulnerability Name: | CVE-2014-0666 (CCN-90435) | ||||||||
Assigned: | 2014-01-15 | ||||||||
Published: | 2014-01-15 | ||||||||
Updated: | 2017-08-29 | ||||||||
Summary: | Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056. | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-22 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2014-0666 Source: OSVDB Type: UNKNOWN 102122 Source: CCN Type: SA56331 Cisco Jabber for Windows Send Screen Capture Directory Traversal Vulnerability Source: SECUNIA Type: UNKNOWN 56331 Source: CCN Type: Cisco Security Notice Cisco Jabber for Windows Remote Code Execution Vulnerability Source: CISCO Type: Vendor Advisory 20140115 Cisco Jabber for Windows Remote Code Execution Vulnerability Source: CONFIRM Type: Vendor Advisory http://tools.cisco.com/security/center/viewAlert.x?alertId=32451 Source: BID Type: Third Party Advisory, VDB Entry 64965 Source: CCN Type: BID-64965 Cisco Jabber for Windows CVE-2014-0666 Remote Code Execution Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1029635 Source: XF Type: UNKNOWN cisco-jabber-cve20140666-code-exec(90435) Source: XF Type: UNKNOWN cisco-jabber-cve20140666-code-exec(90435) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |