CVE-2015-1322
published 2015-04-29CVE-2015-1322: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before…
PriorityP422medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.53%
41.0th percentile
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | network-manager | — | — |
| network-manager_project | network-manager | >= 0 < 0.9.8.8-0ubuntu7.1 | 0.9.8.8-0ubuntu7.1 |
| ubuntu | network-manager | <= 0.9.8.7 | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
NetworkManager vulnerability
vendor_ubuntu·2015-04-28
CVE-2015-1322 NetworkManager vulnerability
Title: NetworkManager vulnerability
Summary: NetworkManager would allow unintended access to files and modem device
configuration.
Tavis Ormandy discovered that NetworkManager incorrectly filtered paths
when requested to read modem device contexts. A local attacker could
possibly use this issue to bypass privileges and manipulate modem device
configuration or read arbitrary files.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Debian
CVE-2015-1322: network-manager - Directory traversal vulnerability in the Ubuntu network-manager package for Ubun...
vendor_debian·2015·CVSS 4.6
CVE-2015-1322 [MEDIUM] CVE-2015-1322: network-manager - Directory traversal vulnerability in the Ubuntu network-manager package for Ubun...
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-w22p-5rfg-4229: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0
ghsa_unreviewed·2022-05-17
CVE-2015-1322 [MEDIUM] CWE-22 GHSA-w22p-5rfg-4229: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
OSV
CVE-2015-1322: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0
osv·2015-04-28·CVSS 4.6
CVE-2015-1322 [MEDIUM] CVE-2015-1322: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2015-04-29
Published