Vulnerability Details : CVE-2014-0666
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.
Vulnerability category: Directory traversal, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2014-0666
Probability of exploitation activity in the next 30 days: 2.58%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 %
CVSS scores for CVE-2014-0666
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2014-0666
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0666
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90435
  Cisco Jabber for Window Send Screen Capture code execution CVE-2014-0666 Vulnerability Report
- http://www.securitytracker.com/id/1029635
  Cisco Jabber for Windows Bug in Send Screen Capture Feature Lets Remote Users Install Arbitrary Files - SecurityTracker (Third Party Advisory; VDB Entry)
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666
  Cisco Jabber for Windows Remote Code Execution Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/64965
  Cisco Jabber for Windows CVE-2014-0666 Remote Code Execution Vulnerability (Third Party Advisory; VDB Entry)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32451
  Cisco Jabber for Windows Remote Code Execution Vulnerability (Vendor Advisory)
Products affected by CVE-2014-0666
- cpe:2.3:a:cisco:jabber:*:-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1\(.4\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1\(.3\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0\(.3\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0\(.2\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0\(.1\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.2\(.0\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1\(.0\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1:-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1\(.2\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1\(.1\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0\(.0\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0:-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.2:-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.1\(.5\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0\(.5\):-:-:*:-:windows:*:*
- cpe:2.3:a:cisco:jabber:9.0\(.4\):-:-:*:-:windows:*:*