10
CVE-2013-6810
- EPSS 17%
- Veröffentlicht 12.12.2013 17:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to upload an executable file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Emc ≫ Connectrix Manager Version11.2.1 Update- Edition- SwEditionconverged_network_edition
Emc ≫ Connectrix Manager Version12.0.1 Update- Edition- SwEditionconverged_network_edition
Emc ≫ Connectrix Manager Version12.0.3 Update- Edition- SwEditionconverged_network_edition
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17% | 0.967 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
http://archives.neohapsis.com/archives/bugtraq/2013-12/0053.html
http://marc.info/?l=bugtraq&m=138723620521347&w=2
http://secunia.com/advisories/56143
http://www.attrition.org/pipermail/vim/2014-January/002755.html
http://www.securitytracker.com/id/1029485
http://www.zerodayinitiative.com/advisories/ZDI-13-283/
https://exchange.xforce.ibmcloud.com/vulnerabilities/90728
https://www.exploit-db.com/exploits/42701/
https://www.exploit-db.com/exploits/42702/