CVE-2012-4104

General

Score: 6.6/10.0
Severity: Medium
Category: Path Manipulation

Impact Metrics

Confidentiality: Complete
Integrity: Complete
Availability: Complete

Exploitability Metrics

Access Vector: Local
Access Complexity: Medium
Authentication: Single

Published on 03/10/13 - Updated on 03/10/13

Description

Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.

Category: Path Manipulation

CWE-22 (Path Traversal)
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Security Notices

US National Vulnerability Database: CVE-2012-4104

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: cisco
Product: unified_computing_system
