Cisco : Security Vulnerabilities, CVEs, Published In 2013 (Directory traversal) CVSS score >= 6
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.
Max CVSS
6.3
EPSS Score
0.07%
Published
2013-11-18
Updated
2013-11-19
Directory traversal vulnerability in the web-management interface in the server in Cisco Wide Area Application Services (WAAS) Mobile before 3.5.5 allows remote attackers to upload and execute arbitrary files via a crafted POST request, aka Bug ID CSCuh69773.
Max CVSS
7.5
EPSS Score
0.98%
Published
2013-11-08
Updated
2013-11-08
CVE-2013-5486
Public exploit
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute arbitrary commands by using the JBoss autodeploy functionality.
Max CVSS
10.0
EPSS Score
97.13%
Published
2013-09-23
Updated
2016-09-16
Multiple directory traversal vulnerabilities in Cisco Video Surveillance Manager (VSM) before 7.0.0 allow remote attackers to read system files via a crafted URL, related to the Cisco_VSBWT (aka Broadware sample code) package, aka Bug ID CSCsv37163.
Max CVSS
7.8
EPSS Score
0.27%
Published
2013-07-25
Updated
2017-08-29
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
Max CVSS
7.8
EPSS Score
0.11%
Published
2013-05-09
Updated
2013-07-08
Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series Aggregation Services Routers (ASR), when bridge domain interface (BDI) is enabled, allows remote attackers to cause a denial of service (card reload) via packets that are not properly handled during the processing of encapsulation, aka Bug ID CSCtt11558.
Max CVSS
7.1
EPSS Score
0.13%
Published
2013-04-11
Updated
2021-10-05
Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551.
Max CVSS
6.2
EPSS Score
0.04%
Published
2013-10-05
Updated
2016-09-22
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary files via a full pathname in an image header, aka Bug ID CSCtq02706.
Max CVSS
6.6
EPSS Score
0.04%
Published
2013-10-02
Updated
2013-10-03
8 vulnerabilities found