Emerson Network Power Avocent MergePoint Unity 2016 KVM Directory Traversal Vulnerability Network Vulnerability

Summary

Emerson Network Power Avocent MergePoint Unity 2016 KVM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Impact

A remote attacker can exploit this issue to obtain sensitive information that could aid in further attacks.

Solution

Updates are available.

Insight

Directory traversal vulnerability on the Emerson Network Power Avocent MergePoint Unity 2016 (aka MPU2016) KVM switch with firmware 1.9.16473 allows remote attackers to read arbitrary files via unspecified vectors, as demonstrated by reading the /etc/passwd file.

Affected

Emerson Network Power Avocent MergePoint Unity 2016 KVM firmware 1.9.16473 is vulnerable other versions may also be affected.

Detection

Check the firmware version.

References

http://www.securityfocus.com/bid/65105

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6030
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ Multiple Vulnerabilities
@Mail WebMail Email Body HTML Injection Vulnerability
An Image Gallery Directory Traversal Vulnerability
Apple Safari Multiple Vulnerabilities
Apache Tomcat DOS Device Name XSS

Take action and discover your vulnerabilities