Path Traversal in Cisco Jabber

CVE-2014-0666

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified pa…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.104 (93.3th percentile) — read the EPSS interpretation.

Affected products

Cisco Jabber — versions 9.0, 9.0\(.0\), 9.0\(.1\)
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

1029635 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20140115 Cisco Jabber for Windows Remote Code Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
56331 (x_refsource_SECUNIA, third-party-advisory)
64965 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
cisco-jabber-cve20140666-code-exec(90435) (vdb-entry, x_refsource_XF)
102122 (x_refsource_OSVDB, vdb-entry)