CVE-2014-0666

Published: Jan 16, 2014Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2(.1) and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056.

Affected (17)

Products: Cisco: Jabber

1 product

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Cisco Jabber	Up to 9.2\(.1\)
Cisco Jabber	Version 9.0
Cisco Jabber	Version 9.0(.0)
Cisco Jabber	Version 9.0(.1)
Cisco Jabber	Version 9.0(.2)
Cisco Jabber	Version 9.0(.3)
Cisco Jabber	Version 9.0(.4)
Cisco Jabber	Version 9.0(.5)
Cisco Jabber	Version 9.1
Cisco Jabber	Version 9.1(.0)
Cisco Jabber	Version 9.1(.1)
Cisco Jabber	Version 9.1(.2)
Cisco Jabber	Version 9.1(.3)
Cisco Jabber	Version 9.1(.4)
Cisco Jabber	Version 9.1(.5)
Cisco Jabber	Version 9.2
Cisco Jabber	Version 9.2(.0)

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (14)

http://osvdb.org/102122

Source: psirt@cisco.com

http://secunia.com/advisories/56331

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=32451

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/64965

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029635

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/90435

Source: psirt@cisco.com

http://osvdb.org/102122

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/56331

Source: af854a3a-2127-422b-91ae-364da2661108

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0666

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=32451

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/64965

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1029635

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/90435

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.