- Description
- Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.
- Source
- cret@cert.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:emerson:network_power_avocent_mergepoint_unity_2016_firmware:1.9.16473:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD1E7755-17BB-4465-8999-BCD0C5AEF5A5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:emerson:network_power_avocent_mergepoint_unity_2016_firmware:1.9.16473:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94C0BAF1-9C83-4AA9-AFCC-50FD958043F5"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]