CVE-2015-1322Path Traversal in Network-manager

CWE-22Path Traversal6 documents6 sources
Severity
4.6MEDIUMNVD
EPSS
0.0%
top 93.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Network-manager Project Network-managerUbuntu Network-managerCanonical Ubuntu Linux
Timeline
PublishedApr 29
Latest updateMay 17

Description

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

Ubuntunetwork-manager_project/network-manager< 0.9.8.8-0ubuntu7.1

Also affects: Ubuntu Linux 14.04, 14.10, 15.1

🔴Vulnerability Details

3
GHSA
GHSA-w22p-5rfg-4229: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 02022-05-17
CVEList
CVE-2015-1322: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 02015-04-29
OSV
CVE-2015-1322: Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 02015-04-28

📋Vendor Advisories

2
Ubuntu
NetworkManager vulnerability2015-04-28
Debian
CVE-2015-1322: network-manager - Directory traversal vulnerability in the Ubuntu network-manager package for Ubun...2015
CVE-2015-1322 — Path Traversal in Network-manager | cvebase