CVE-2013-6810
EMC Connectrix Manager Converged Network Edition inmservlets.war SoftwareFileUploadMoreInfoServlet Remote Code Execution Vulnerability
Public Exploits: 2
Exploited in Wild: -
Descriptions
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
The server in EMC Connectrix Manager Converged Network Edition (CMCNE) 11.2.1, 12.0.1, and 12.0.3 allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the 'SoftwareFileUploadMoreInfoServlet', which allows an unauthenticated user to copy any file to an arbitrary location on the server. When combined with information disclosure vulnerabilities, an attacker can leverage this directory traversal vulnerability into arbitrary code execution on the compromised server in the security context of the Administrator account.
Timeline
- 2013-11-19 CVE Reserved
- 2013-12-12 CVE Published
- 2023-06-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
References (9)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html | Mailing List | |
http://secunia.com/advisories/56143 | Third Party Advisory | |
http://www.attrition.org/pipermail/vim/2014-January/002755.html | Mailing List | |
http://www.securitytracker.com/id/1029485 | Vdb Entry | |
http://www.zerodayinitiative.com/advisories/ZDI-13-283 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90728 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/42702 | 2024-08-06 | |
https://www.exploit-db.com/exploits/42701 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://marc.info/?l=bugtraq&m=138723620521347&w=2 | 2017-09-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Emc | Connectrix Manager | 11.2.1 | converged_network_edition | Affected |
Emc | Connectrix Manager | 12.0.1 | converged_network_edition | Affected |
Emc | Connectrix Manager | 12.0.3 | converged_network_edition | Affected |