CVE-2013-6030: Path Traversal
First published: Fri Jan 24 2014(Updated: )
Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Emerson Network Power Avocent Mergepoint Unity 2016 Firmware | =1.9.16473 | |
| Emerson Network Power Avocent Mergepoint Unity 2016 Firmware | =1.9.16473 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-6030?
CVE-2013-6030 is classified as a medium-severity vulnerability due to its potential for remote file reading.
How do I fix CVE-2013-6030?
To fix CVE-2013-6030, update the firmware of the Emerson Network Power Avocent MergePoint Unity 2016 to the latest version.
What does CVE-2013-6030 allow an attacker to do?
CVE-2013-6030 allows remote attackers to exploit a directory traversal vulnerability to read arbitrary files on the KVM switch.
Which devices are affected by CVE-2013-6030?
CVE-2013-6030 affects the Emerson Network Power Avocent MergePoint Unity 2016 KVM switch running firmware version 1.9.16473.
Is CVE-2013-6030 exploitable remotely?
Yes, CVE-2013-6030 is exploitable remotely, allowing attackers to access sensitive files without physical access.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/tags
- agent/author
- agent/event
- agent/source
- vendor/emerson
- canonical/emerson network power avocent mergepoint unity 2016 firmware
- version/emerson network power avocent mergepoint unity 2016 firmware/1.9.16473