Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
References
Configurations
History
21 Nov 2024, 02:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/60418 - | |
References | () http://www.securitytracker.com/id/1030624 - | |
References | () http://zerodayinitiative.com/advisories/ZDI-14-268/ - | |
References | () https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202 - Vendor Advisory |
Information
Published : 2014-07-26 15:55
Updated : 2024-11-21 02:06
NVD link : CVE-2014-2626
Mitre link : CVE-2014-2626
CVE.ORG link : CVE-2014-2626
JSON object : View
Products Affected
hp
- network_virtualization
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')