Summary
Emerson Network Power Avocent MergePoint Unity 2016 KVM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
Impact
A remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks.
Solution
Updates are available.
Insight
Directory traversal vulnerability on the Emerson
Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.
Affected
Emerson Network Power Avocent MergePoint Unity 2016 KVM firmware 1.9.16473 is vulnerable
other versions may also be affected.
Detection
Check the firmware version.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-6030 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- 11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- @Mail 'admin.php' Cross-Site Scripting Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- 123 Flash Chat Multiple Security Vulnerabilities