Lucene search

K
cve[email protected]CVE-2012-4701
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4701

2022-10-0316:15:33
CWE-22
web.nvd.nist.gov
35
cve-2012-4701
directory traversal
tridium niagara ax
vulnerability
remote attackers
sensitive files
arbitrary code
credentials
guest feature

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

Affected configurations

NVD
Node
tridiumniagara_axMatch3.5
OR
tridiumniagara_axMatch3.6
OR
tridiumniagara_axMatch3.7

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.4%

Related for CVE-2012-4701