CVE-2014-0666: Path Traversal
First published: Thu Jan 16 2014(Updated: )
Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Jabber for Windows | <=9.2\(.1\) | |
| Cisco Jabber for Windows | =9.0 | |
| Cisco Jabber for Windows | =9.0\(.0\) | |
| Cisco Jabber for Windows | =9.0\(.1\) | |
| Cisco Jabber for Windows | =9.0\(.2\) | |
| Cisco Jabber for Windows | =9.0\(.3\) | |
| Cisco Jabber for Windows | =9.0\(.4\) | |
| Cisco Jabber for Windows | =9.0\(.5\) | |
| Cisco Jabber for Windows | =9.1 | |
| Cisco Jabber for Windows | =9.1\(.0\) | |
| Cisco Jabber for Windows | =9.1\(.1\) | |
| Cisco Jabber for Windows | =9.1\(.2\) | |
| Cisco Jabber for Windows | =9.1\(.3\) | |
| Cisco Jabber for Windows | =9.1\(.4\) | |
| Cisco Jabber for Windows | =9.1\(.5\) | |
| Cisco Jabber for Windows | =9.2 | |
| Cisco Jabber for Windows | =9.2\(.0\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/102122
- http://secunia.com/advisories/56331
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32451
- http://www.securityfocus.com/bid/64965
- http://www.securitytracker.com/id/1029635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90435
Frequently Asked Questions
What is the severity of CVE-2014-0666?
CVE-2014-0666 is rated as a high severity vulnerability due to the ability for remote attackers to upload arbitrary files.
How do I fix CVE-2014-0666?
To fix CVE-2014-0666, you should upgrade Cisco Jabber to the latest version that is not affected by this vulnerability.
Which versions of Cisco Jabber are affected by CVE-2014-0666?
CVE-2014-0666 affects Cisco Jabber versions 9.2(.1) and earlier, including all 9.1, 9.0, and earlier variants.
What are the consequences of exploiting CVE-2014-0666?
Exploiting CVE-2014-0666 can allow remote attackers to execute arbitrary code on the affected systems.
How can I verify if my Cisco Jabber installation is vulnerable to CVE-2014-0666?
You can verify the vulnerability of your Cisco Jabber installation by checking the version number against the affected versions listed for CVE-2014-0666.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco jabber for windows
- version/cisco jabber for windows/9.2\(.1\)
- version/cisco jabber for windows/9.0
- version/cisco jabber for windows/9.0\(.0\)
- version/cisco jabber for windows/9.0\(.1\)
- version/cisco jabber for windows/9.0\(.2\)
- version/cisco jabber for windows/9.0\(.3\)
- version/cisco jabber for windows/9.0\(.4\)
- version/cisco jabber for windows/9.0\(.5\)
- version/cisco jabber for windows/9.1
- version/cisco jabber for windows/9.1\(.0\)
- version/cisco jabber for windows/9.1\(.1\)
- version/cisco jabber for windows/9.1\(.2\)
- version/cisco jabber for windows/9.1\(.3\)
- version/cisco jabber for windows/9.1\(.4\)
- version/cisco jabber for windows/9.1\(.5\)
- version/cisco jabber for windows/9.2
- version/cisco jabber for windows/9.2\(.0\)