CVE-2014-2276
EMC Connectrix Manager Converged Network Edition inmservlets.war FileUploadController Servlet Information Disclosure Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of EMC Connectrix Manager Converged Network Edition. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the FileUploadController servlet, which is part of inmservlets. This vulnerability allows an unauthenticated user to read an arbitrary file on the system. An attacker can use this either to disclose sensitive data or to disclose information about the server that can be used in a subsequent attack.
SSVC
- Decision: -
Timeline
- 2014-03-04 CVE Reserved
- 2014-03-20 CVE Published
- 2023-12-16 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (5)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html | Mailing List | |
http://secunia.com/advisories/57513 | Third Party Advisory | |
http://www.securityfocus.com/bid/66308 | Vdb Entry | |
http://www.securitytracker.com/id/1029939 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91987 | Vdb Entry | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Emc | Connectrix Manager | <= 12.1.2 | converged_network_edition | Affected |