Описание
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2 (включая)Версия до 1.2 (включая)
Одно из
cpe:2.3:a:cisco:application_control_engine_device_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:application_control_engine_device_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:application_networking_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:application_networking_manager:1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00221
Низкий
9 Critical
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in Cisco Application Networking Manager (ANM) before 2.0 and Application Control Engine (ACE) Device Manager before A3(2.1) allows remote authenticated users to read or modify arbitrary files via unspecified vectors, related to "invalid directory permissions."
EPSS
Процентиль: 44%
0.00221
Низкий
9 Critical
CVSS2
Дефекты
CWE-22