CWE-27
Path Traversal: 'dir/../../filename'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.
CVE-2021-35027 (GCVE-0-2021-35027)
Vulnerability from cvelistv5
Published
2021-09-29 10:32
Modified
2024-08-04 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-27 - Path Traversal: 'dir/../../filename'
Summary
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Zyxel | ZyWALL VPN2S Firmware |
Version: 1.12(ABLN.0)C0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T00:26:55.923Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "ZyWALL VPN2S Firmware", "vendor": "Zyxel", "versions": [ { "status": "affected", "version": "1.12(ABLN.0)C0" } ] } ], "descriptions": [ { "lang": "en", "value": "A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-29T10:32:04", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2021-35027", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ZyWALL VPN2S Firmware", "version": { "version_data": [ { "version_value": "1.12(ABLN.0)C0" } ] } } ] }, "vendor_name": "Zyxel" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information." } ] }, "impact": { "cvss": { "baseScore": "7.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml", "refsource": "MISC", "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml" } ] } } } }, "cveMetadata": { "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2021-35027", "datePublished": "2021-09-29T10:32:04", "dateReserved": "2021-06-17T00:00:00", "dateUpdated": "2024-08-04T00:26:55.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-24785 (GCVE-0-2022-24785)
Vulnerability from cvelistv5
Published
2022-04-04 00:00
Modified
2025-04-23 18:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.533Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" }, { "tags": [ "x_transferred" ], "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" }, { "tags": [ "x_transferred" ], "url": "https://www.tenable.com/security/tns-2022-09" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20220513-0006/" }, { "name": "FEDORA-2022-85aa8e5706", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/" }, { "name": "FEDORA-2022-35b698150c", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-24785", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-23T15:56:10.022369Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-23T18:42:13.669Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "moment", "vendor": "moment", "versions": [ { "status": "affected", "version": "\u003e= 1.0.1, \u003c 2.29.2" } ] } ], "descriptions": [ { "lang": "en", "value": "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-31T00:00:00.000Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4" }, { "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5" }, { "url": "https://www.tenable.com/security/tns-2022-09" }, { "url": "https://security.netapp.com/advisory/ntap-20220513-0006/" }, { "name": "FEDORA-2022-85aa8e5706", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/" }, { "name": "FEDORA-2022-35b698150c", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/" }, { "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html" } ], "source": { "advisory": "GHSA-8hfj-j24r-96c4", "discovery": "UNKNOWN" }, "title": "Path Traversal in Moment.js" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24785", "datePublished": "2022-04-04T00:00:00.000Z", "dateReserved": "2022-02-10T00:00:00.000Z", "dateUpdated": "2025-04-23T18:42:13.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20090 (GCVE-0-2023-20090)
Vulnerability from cvelistv5
Published
2024-11-15 15:19
Modified
2024-11-15 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-27 - Path Traversal: 'dir/../../filename'
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References
Impacted products
Vendor | Product | Version | |||||||
---|---|---|---|---|---|---|---|---|---|
► | Cisco | Cisco RoomOS Software |
Version: N/A |
||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "telepresence_collaboration_endpoint", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.0.1" }, { "status": "affected", "version": "9.10.1" }, { "status": "affected", "version": "9.10.2" }, { "status": "affected", "version": "9.10.3" }, { "status": "affected", "version": "9.1.1" }, { "status": "affected", "version": "9.1.2" }, { "status": "affected", "version": "9.12.3" }, { "status": "affected", "version": "9.12.4" }, { "status": "affected", "version": "9.12.5" }, { "status": "affected", "version": "9.1.3" }, { "status": "affected", "version": "9.13.0" }, { "status": "affected", "version": "9.13.1" }, { "status": "affected", "version": "9.13.2" }, { "status": "affected", "version": "9.13.3" }, { "status": "affected", "version": "9.1.4" }, { "status": "affected", "version": "9.14.3" }, { "status": "affected", "version": "9.14.4" }, { "status": "affected", "version": "9.14.5" }, { "status": "affected", "version": "9.14.6" }, { "status": "affected", "version": "9.1.5" }, { "status": "affected", "version": "9.15.0.10" }, { "status": "affected", "version": "9.15.0.11" }, { "status": "affected", "version": "9.15.13.0" }, { "status": "affected", "version": "9.15.8.12" }, { "status": "affected", "version": "9.1.6" }, { "status": "affected", "version": "9.2.1" }, { "status": "affected", "version": "9.2.2" }, { "status": "affected", "version": "9.2.3" }, { "status": "affected", "version": "9.2.4" }, { "status": "affected", "version": "9.9.3" }, { "status": "affected", "version": "9.9.4" } ] }, { "cpes": [ "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "telepresence_collaboration_endpoint", "vendor": "cisco", "versions": [ { "status": "affected", "version": "9.15.0.19" }, { "status": "affected", "version": "9.15.10.8" }, { "status": "affected", "version": "9.15.13.0" }, { "status": "affected", "version": "9.15.15.4" }, { "status": "affected", "version": "9.15.16.5" }, { "status": "affected", "version": "9.15.3.18" }, { "status": "affected", "version": "9.15.3.19" }, { "status": "affected", "version": "9.15.3.22" }, { "status": "affected", "version": "9.15.3.25" }, { "status": "affected", "version": "9.15.3.26" }, { "status": "affected", "version": "9.15.8.12" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-20090", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:49:25.857316Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:15:43.778Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco RoomOS Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "defaultStatus": "unknown", "product": "Cisco TelePresence Endpoint Software (TC/CE)", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "CE9.10.2" }, { "status": "affected", "version": "CE9.1.4" }, { "status": "affected", "version": "CE9.9.3" }, { "status": "affected", "version": "CE9.10.3" }, { "status": "affected", "version": "CE9.1.5" }, { "status": "affected", "version": "CE9.2.4" }, { "status": "affected", "version": "CE9.10.1" }, { "status": "affected", "version": "CE9.13.0" }, { "status": "affected", "version": "CE9.1.2" }, { "status": "affected", "version": "CE9.1.1" }, { "status": "affected", "version": "CE9.9.4" }, { "status": "affected", "version": "CE9.2.1" }, { "status": "affected", "version": "CE9.1.3" }, { "status": "affected", "version": "CE9.0.1" }, { "status": "affected", "version": "CE9.1.6" }, { "status": "affected", "version": "CE9.12.4" }, { "status": "affected", "version": "CE9.2.2" }, { "status": "affected", "version": "CE9.12.3" }, { "status": "affected", "version": "CE9.2.3" }, { "status": "affected", "version": "CE9.13.1" }, { "status": "affected", "version": "CE9.14.3" }, { "status": "affected", "version": "CE9.14.4" }, { "status": "affected", "version": "CE9.13.2" }, { "status": "affected", "version": "CE9.12.5" }, { "status": "affected", "version": "CE9.14.5" }, { "status": "affected", "version": "CE9.15.0.10" }, { "status": "affected", "version": "CE9.15.0.11" }, { "status": "affected", "version": "CE9.13.3" }, { "status": "affected", "version": "CE9.15.0.13" }, { "status": "affected", "version": "CE9.14.6" }, { "status": "affected", "version": "CE9.15.3.17" }, { "status": "affected", "version": "CE9.14.7" }, { "status": "affected", "version": "CE9.15.0.19" }, { "status": "affected", "version": "CE9.15.3.19" }, { "status": "affected", "version": "CE9.15.3.18" }, { "status": "affected", "version": "CE9.15.3.22" }, { "status": "affected", "version": "CE9.15.8.12" }, { "status": "affected", "version": "CE9.15.10.8" }, { "status": "affected", "version": "CE9.15.3.26" }, { "status": "affected", "version": "CE9.15.3.25" }, { "status": "affected", "version": "CE9.15.13.0" }, { "status": "affected", "version": "CE9.15.15.4" }, { "status": "affected", "version": "CE9.15.16.5" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "Path Traversal: \u0027dir/../../filename\u0027", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-15T15:19:09.891Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-roomos-file-write-rHKwegKf", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf" } ], "source": { "advisory": "cisco-sa-roomos-file-write-rHKwegKf", "defects": [ "CSCwc85883" ], "discovery": "INTERNAL" }, "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20090", "datePublished": "2024-11-15T15:19:09.891Z", "dateReserved": "2022-10-27T18:47:50.335Z", "dateUpdated": "2024-11-15T17:15:43.778Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20127 (GCVE-0-2023-20127)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20127", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:35:37.618528Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:01:24.242Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Prime Infrastructure ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "source": { "advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561" ] ], "discovery": "INTERNAL" }, "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20127", "datePublished": "2023-04-05T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:01:24.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20129 (GCVE-0-2023-20129)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.593Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20129", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:35:30.474321Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:01:15.745Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Prime Infrastructure ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "source": { "advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561" ] ], "discovery": "INTERNAL" }, "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20129", "datePublished": "2023-04-05T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:01:15.745Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20130 (GCVE-0-2023-20130)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.870Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20130", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:35:23.838355Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:01:07.105Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Prime Infrastructure ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "source": { "advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561" ] ], "discovery": "INTERNAL" }, "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20130", "datePublished": "2023-04-05T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:01:07.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-20131 (GCVE-0-2023-20131)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
References
► | URL | Tags |
---|---|---|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Cisco | Cisco Prime Infrastructure |
Version: n/a |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:36.045Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20131", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-25T14:35:17.326729Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-25T16:00:51.219Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Prime Infrastructure ", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2023-04-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-05T00:00:00", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities", "tags": [ "vendor-advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe" } ], "source": { "advisory": "cisco-sa-pi-epnm-eRPWAXLe", "defect": [ [ "CSCwc25461", "CSCwc51948", "CSCwc76734", "CSCwd28312", "CSCwd69561" ] ], "discovery": "INTERNAL" }, "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities" } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20131", "datePublished": "2023-04-05T00:00:00", "dateReserved": "2022-10-27T00:00:00", "dateUpdated": "2024-10-25T16:00:51.219Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-27588 (GCVE-0-2023-27588)
Vulnerability from cvelistv5
Published
2023-03-14 17:23
Modified
2025-02-25 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
References
► | URL | Tags | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
hasura | graphql-engine |
Version: < 1.3.4 Version: >= 2.0.0, < 2.11.5 Version: >= 2.2.0, < 2.20.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x" }, { "name": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-27588", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-25T14:31:06.675110Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-25T14:57:42.725Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "graphql-engine", "vendor": "hasura", "versions": [ { "status": "affected", "version": "\u003c 1.3.4" }, { "status": "affected", "version": "\u003e= 2.0.0, \u003c 2.11.5" }, { "status": "affected", "version": "\u003e= 2.2.0, \u003c 2.20.1" } ] } ], "descriptions": [ { "lang": "en", "value": "Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-14T17:23:10.499Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x" }, { "name": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1" }, { "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1" } ], "source": { "advisory": "GHSA-c9rw-rw2f-mj4x", "discovery": "UNKNOWN" }, "title": "Unauthenticated path traversal vulnerability in Hasura GraphQL Engine" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-27588", "datePublished": "2023-03-14T17:23:10.499Z", "dateReserved": "2023-03-04T01:03:53.635Z", "dateUpdated": "2025-02-25T14:57:42.725Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-34125 (GCVE-0-2023-34125)
Vulnerability from cvelistv5
Published
2023-07-13 00:21
Modified
2024-11-05 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-27 - Path Traversal: 'dir/../../filename'
Summary
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
References
► | URL | Tags |
---|---|---|
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:01:54.052Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010" }, { "tags": [ "related", "x_transferred" ], "url": "https://www.sonicwall.com/support/notices/230710150218060" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34125", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-05T15:34:38.926559Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-05T15:34:52.319Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "GMS", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "9.3.2-SP1 and earlier versions" } ] }, { "defaultStatus": "unknown", "product": "Analytics", "vendor": "SonicWall", "versions": [ { "status": "affected", "version": "2.5.0.4-R7 and earlier versions" } ] } ], "datePublic": "2023-07-13T00:19:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\u003cp\u003e\u003c/p\u003e" } ], "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27 Path Traversal: \u0027dir/../../filename\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-13T00:21:21.095Z", "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "shortName": "sonicwall" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010" }, { "tags": [ "related" ], "url": "https://www.sonicwall.com/support/notices/230710150218060" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315", "assignerShortName": "sonicwall", "cveId": "CVE-2023-34125", "datePublished": "2023-07-13T00:21:21.095Z", "dateReserved": "2023-05-25T22:45:46.851Z", "dateUpdated": "2024-11-05T15:34:52.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-50254 (GCVE-0-2023-50254)
Vulnerability from cvelistv5
Published
2023-12-22 16:49
Modified
2024-08-02 22:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
References
► | URL | Tags | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
|
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
linuxdeepin | developer-center |
Version: < 6.0.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495" }, { "name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04" }, { "name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "developer-center", "vendor": "linuxdeepin", "versions": [ { "status": "affected", "version": "\u003c 6.0.7" } ] } ], "descriptions": [ { "lang": "en", "value": "Deepin Linux\u0027s default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-27", "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-22T16:49:48.977Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495" }, { "name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04" }, { "name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6" } ], "source": { "advisory": "GHSA-q9jr-726g-9495", "discovery": "UNKNOWN" }, "title": "Deepin Reader RCE vulnerability due to a design flaw" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50254", "datePublished": "2023-12-22T16:49:48.977Z", "dateReserved": "2023-12-05T20:42:59.378Z", "dateUpdated": "2024-08-02T22:16:46.096Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation ID: MIT-5.1
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
- Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20
Phase: Implementation
Strategy: Input Validation
Description:
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
No CAPEC attack patterns related to this CWE.