CWE-27

Path Traversal: 'dir/../../filename'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.

CVE-2021-35027 (GCVE-0-2021-35027)
Vulnerability from cvelistv5
Published
2021-09-29 10:32
Modified
2024-08-04 00:26
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
Summary
A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information.
Impacted products
Vendor Product Version
Zyxel ZyWALL VPN2S Firmware Version: 1.12(ABLN.0)C0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:26:55.923Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZyWALL VPN2S Firmware",
          "vendor": "Zyxel",
          "versions": [
            {
              "status": "affected",
              "version": "1.12(ABLN.0)C0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-29T10:32:04",
        "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
        "shortName": "Zyxel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@zyxel.com.tw",
          "ID": "CVE-2021-35027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ZyWALL VPN2S Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.12(ABLN.0)C0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Zyxel"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker to gain access to sensitive information."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.5",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml",
              "refsource": "MISC",
              "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f",
    "assignerShortName": "Zyxel",
    "cveId": "CVE-2021-35027",
    "datePublished": "2021-09-29T10:32:04",
    "dateReserved": "2021-06-17T00:00:00",
    "dateUpdated": "2024-08-04T00:26:55.923Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24785 (GCVE-0-2022-24785)
Vulnerability from cvelistv5
Published
2022-04-04 00:00
Modified
2025-04-23 18:42
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-27 - Path Traversal: 'dir/../../filename'
Summary
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.
Impacted products
Vendor Product Version
moment moment Version: >= 1.0.1, < 2.29.2
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220513-0006/"
          },
          {
            "name": "FEDORA-2022-85aa8e5706",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/"
          },
          {
            "name": "FEDORA-2022-35b698150c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/"
          },
          {
            "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24785",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:56:10.022369Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T18:42:13.669Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moment",
          "vendor": "moment",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.1, \u003c 2.29.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-31T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"
        },
        {
          "url": "https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220513-0006/"
        },
        {
          "name": "FEDORA-2022-85aa8e5706",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/"
        },
        {
          "name": "FEDORA-2022-35b698150c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/"
        },
        {
          "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html"
        }
      ],
      "source": {
        "advisory": "GHSA-8hfj-j24r-96c4",
        "discovery": "UNKNOWN"
      },
      "title": "Path Traversal in Moment.js"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24785",
    "datePublished": "2022-04-04T00:00:00.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-23T18:42:13.669Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20090 (GCVE-0-2023-20090)
Vulnerability from cvelistv5
Published
2024-11-15 15:19
Modified
2024-11-15 17:15
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Impacted products
Vendor Product Version
Cisco Cisco RoomOS Software Version: N/A
Create a notification for this product.
   Cisco Cisco TelePresence Endpoint Software (TC/CE) Version: CE9.10.2
Version: CE9.1.4
Version: CE9.9.3
Version: CE9.10.3
Version: CE9.1.5
Version: CE9.2.4
Version: CE9.10.1
Version: CE9.13.0
Version: CE9.1.2
Version: CE9.1.1
Version: CE9.9.4
Version: CE9.2.1
Version: CE9.1.3
Version: CE9.0.1
Version: CE9.1.6
Version: CE9.12.4
Version: CE9.2.2
Version: CE9.12.3
Version: CE9.2.3
Version: CE9.13.1
Version: CE9.14.3
Version: CE9.14.4
Version: CE9.13.2
Version: CE9.12.5
Version: CE9.14.5
Version: CE9.15.0.10
Version: CE9.15.0.11
Version: CE9.13.3
Version: CE9.15.0.13
Version: CE9.14.6
Version: CE9.15.3.17
Version: CE9.14.7
Version: CE9.15.0.19
Version: CE9.15.3.19
Version: CE9.15.3.18
Version: CE9.15.3.22
Version: CE9.15.8.12
Version: CE9.15.10.8
Version: CE9.15.3.26
Version: CE9.15.3.25
Version: CE9.15.13.0
Version: CE9.15.15.4
Version: CE9.15.16.5
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_collaboration_endpoint",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.0.1"
              },
              {
                "status": "affected",
                "version": "9.10.1"
              },
              {
                "status": "affected",
                "version": "9.10.2"
              },
              {
                "status": "affected",
                "version": "9.10.3"
              },
              {
                "status": "affected",
                "version": "9.1.1"
              },
              {
                "status": "affected",
                "version": "9.1.2"
              },
              {
                "status": "affected",
                "version": "9.12.3"
              },
              {
                "status": "affected",
                "version": "9.12.4"
              },
              {
                "status": "affected",
                "version": "9.12.5"
              },
              {
                "status": "affected",
                "version": "9.1.3"
              },
              {
                "status": "affected",
                "version": "9.13.0"
              },
              {
                "status": "affected",
                "version": "9.13.1"
              },
              {
                "status": "affected",
                "version": "9.13.2"
              },
              {
                "status": "affected",
                "version": "9.13.3"
              },
              {
                "status": "affected",
                "version": "9.1.4"
              },
              {
                "status": "affected",
                "version": "9.14.3"
              },
              {
                "status": "affected",
                "version": "9.14.4"
              },
              {
                "status": "affected",
                "version": "9.14.5"
              },
              {
                "status": "affected",
                "version": "9.14.6"
              },
              {
                "status": "affected",
                "version": "9.1.5"
              },
              {
                "status": "affected",
                "version": "9.15.0.10"
              },
              {
                "status": "affected",
                "version": "9.15.0.11"
              },
              {
                "status": "affected",
                "version": "9.15.13.0"
              },
              {
                "status": "affected",
                "version": "9.15.8.12"
              },
              {
                "status": "affected",
                "version": "9.1.6"
              },
              {
                "status": "affected",
                "version": "9.2.1"
              },
              {
                "status": "affected",
                "version": "9.2.2"
              },
              {
                "status": "affected",
                "version": "9.2.3"
              },
              {
                "status": "affected",
                "version": "9.2.4"
              },
              {
                "status": "affected",
                "version": "9.9.3"
              },
              {
                "status": "affected",
                "version": "9.9.4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_collaboration_endpoint",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.15.0.19"
              },
              {
                "status": "affected",
                "version": "9.15.10.8"
              },
              {
                "status": "affected",
                "version": "9.15.13.0"
              },
              {
                "status": "affected",
                "version": "9.15.15.4"
              },
              {
                "status": "affected",
                "version": "9.15.16.5"
              },
              {
                "status": "affected",
                "version": "9.15.3.18"
              },
              {
                "status": "affected",
                "version": "9.15.3.19"
              },
              {
                "status": "affected",
                "version": "9.15.3.22"
              },
              {
                "status": "affected",
                "version": "9.15.3.25"
              },
              {
                "status": "affected",
                "version": "9.15.3.26"
              },
              {
                "status": "affected",
                "version": "9.15.8.12"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:49:25.857316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:15:43.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco RoomOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "CE9.10.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.4"
            },
            {
              "status": "affected",
              "version": "CE9.9.3"
            },
            {
              "status": "affected",
              "version": "CE9.10.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.5"
            },
            {
              "status": "affected",
              "version": "CE9.2.4"
            },
            {
              "status": "affected",
              "version": "CE9.10.1"
            },
            {
              "status": "affected",
              "version": "CE9.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.1.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.1"
            },
            {
              "status": "affected",
              "version": "CE9.9.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.3"
            },
            {
              "status": "affected",
              "version": "CE9.0.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.6"
            },
            {
              "status": "affected",
              "version": "CE9.12.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.3"
            },
            {
              "status": "affected",
              "version": "CE9.2.3"
            },
            {
              "status": "affected",
              "version": "CE9.13.1"
            },
            {
              "status": "affected",
              "version": "CE9.14.3"
            },
            {
              "status": "affected",
              "version": "CE9.14.4"
            },
            {
              "status": "affected",
              "version": "CE9.13.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.5"
            },
            {
              "status": "affected",
              "version": "CE9.14.5"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.10"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.11"
            },
            {
              "status": "affected",
              "version": "CE9.13.3"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.13"
            },
            {
              "status": "affected",
              "version": "CE9.14.6"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.17"
            },
            {
              "status": "affected",
              "version": "CE9.14.7"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.18"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.22"
            },
            {
              "status": "affected",
              "version": "CE9.15.8.12"
            },
            {
              "status": "affected",
              "version": "CE9.15.10.8"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.26"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.25"
            },
            {
              "status": "affected",
              "version": "CE9.15.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.15.15.4"
            },
            {
              "status": "affected",
              "version": "CE9.15.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:19:09.891Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-roomos-file-write-rHKwegKf",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
        }
      ],
      "source": {
        "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
        "defects": [
          "CSCwc85883"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20090",
    "datePublished": "2024-11-15T15:19:09.891Z",
    "dateReserved": "2022-10-27T18:47:50.335Z",
    "dateUpdated": "2024-11-15T17:15:43.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20127 (GCVE-0-2023-20127)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:37.618528Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:01:24.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20127",
    "datePublished": "2023-04-05T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:01:24.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20129 (GCVE-0-2023-20129)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:30.474321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:01:15.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20129",
    "datePublished": "2023-04-05T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:01:15.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20130 (GCVE-0-2023-20130)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:01
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:23.838355Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:01:07.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20130",
    "datePublished": "2023-04-05T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:01:07.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20131 (GCVE-0-2023-20131)
Vulnerability from cvelistv5
Published
2023-04-05 00:00
Modified
2024-10-25 16:00
CWE
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:36.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:17.326729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:00:51.219Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20131",
    "datePublished": "2023-04-05T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:00:51.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-27588 (GCVE-0-2023-27588)
Vulnerability from cvelistv5
Published
2023-03-14 17:23
Modified
2025-02-25 14:57
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
Impacted products
Vendor Product Version
hasura graphql-engine Version: < 1.3.4
Version: >= 2.0.0, < 2.11.5
Version: >= 2.2.0, < 2.20.1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:35.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:31:06.675110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:57:42.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "graphql-engine",
          "vendor": "hasura",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.11.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.20.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-14T17:23:10.499Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1"
        }
      ],
      "source": {
        "advisory": "GHSA-c9rw-rw2f-mj4x",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated path traversal vulnerability in Hasura GraphQL Engine"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-27588",
    "datePublished": "2023-03-14T17:23:10.499Z",
    "dateReserved": "2023-03-04T01:03:53.635Z",
    "dateUpdated": "2025-02-25T14:57:42.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-34125 (GCVE-0-2023-34125)
Vulnerability from cvelistv5
Published
2023-07-13 00:21
Modified
2024-11-05 15:34
Severity ?
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
Summary
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Impacted products
Vendor Product Version
SonicWall GMS Version: 9.3.2-SP1 and earlier versions
Create a notification for this product.
   SonicWall Analytics Version: 2.5.0.4-R7 and earlier versions
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:01:54.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://www.sonicwall.com/support/notices/230710150218060"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T15:34:38.926559Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:34:52.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GMS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.2-SP1 and earlier versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Analytics",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0.4-R7 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2023-07-13T00:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27 Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-13T00:21:21.095Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.sonicwall.com/support/notices/230710150218060"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2023-34125",
    "datePublished": "2023-07-13T00:21:21.095Z",
    "dateReserved": "2023-05-25T22:45:46.851Z",
    "dateUpdated": "2024-11-05T15:34:52.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50254 (GCVE-0-2023-50254)
Vulnerability from cvelistv5
Published
2023-12-22 16:49
Modified
2024-08-02 22:16
Severity ?
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "developer-center",
          "vendor": "linuxdeepin",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Deepin Linux\u0027s default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T16:49:48.977Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"
        }
      ],
      "source": {
        "advisory": "GHSA-q9jr-726g-9495",
        "discovery": "UNKNOWN"
      },
      "title": "Deepin Reader RCE vulnerability due to a design flaw"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50254",
    "datePublished": "2023-12-22T16:49:48.977Z",
    "dateReserved": "2023-12-05T20:42:59.378Z",
    "dateUpdated": "2024-08-02T22:16:46.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation ID: MIT-5.1

Phase: Implementation

Strategy: Input Validation

Description:

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation ID: MIT-20

Phase: Implementation

Strategy: Input Validation

Description:

  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page