Emerson Network Power Avocent MergePoint Unity 2016 KVM Directory Traversal Vulnerability Network Vulnerability

Summary

Emerson Network Power Avocent MergePoint Unity 2016 KVM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Impact

A remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks.

Solution

Updates are available.

Insight

Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.

Affected

Emerson Network Power Avocent MergePoint Unity 2016 KVM firmware 1.9.16473 is vulnerable other versions may also be affected.

Detection

Check the firmware version.

References

http://www.securityfocus.com/bid/65105

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6030

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities