cbcvebase.
CVE-2015-2166
published 2015-04-06

CVE-2015-2166: Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read…

PriorityP345medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
26.23%
97.7th percentile
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.

Affected

3 ranges
VendorProductVersion rangeFixed in
ericssondrutt_mobile_service_delivery_platform
ericssondrutt_mobile_service_delivery_platform
ericssondrutt_mobile_service_delivery_platform

Detection & IOCsextracted from sources · hover to see the quote

url/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc/passwd
url/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fopt/drutt/msdp/manager/conf/props/msdp-users.properties
url/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f/opt/drutt/msdp/manager/conf/ccContext.properties
path/opt/drutt/msdp/manager/conf/props/msdp-users.properties
path/opt/drutt/msdp/manager/conf/ccContext.properties
  • Detect directory traversal attempts against Ericsson Drutt MSDP Instance Monitor by looking for '..%2f' sequences in HTTP GET request URIs — the encoded slash bypasses naive path sanitization.
  • Alert on unauthenticated HTTP GET requests containing 12 or more consecutive '..%2f' traversal segments targeting the Instance Monitor component.
  • Flag HTTP responses with status 200 whose body matches 'root:.*:0:0:' as a successful LFI exploitation indicator for /etc/passwd exfiltration.
  • Monitor for access attempts to sensitive MSDP-specific credential and configuration files: msdp-users.properties and ccContext.properties via traversal paths.
  • ·The traversal is exploitable without authentication ('unauthenticated remote attacker'), so no credential-based filtering can be used to reduce false positives in detection rules.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.