CVE-2014-0666

CWE-22 — Path Traversal6 documents6 sources

Severity

4.3MEDIUM

EPSS

10.4%

top 6.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Jabber

Timeline

PublishedJan 16

Latest updateMay 17

Description

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDcisco/jabber9.2\(.1\)+16

🔴Vulnerability Details

GHSA

GHSA-75rf-hx73-vjfr: Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9↗2022-05-17

▶

CVEList

CVE-2014-0666: Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9↗2014-01-16

▶

📋Vendor Advisories

Red Hat

php: insecure default permissions on the FPM unix socket↗2014-04-30

▶

Cisco

Cisco Jabber for Windows Remote Code Execution Vulnerability↗2014-01-15

▶

💬Community

Bugzilla

CVE-2014-1875 perl-Capture-Tiny: insecure temporary file usage↗2014-02-06

▶