Lucene search

K
cve[email protected]CVE-2012-4701
HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4701

2022-10-0316:15:33
CWE-22
web.nvd.nist.gov
35
cve-2012-4701
directory traversal
tridium niagara ax
vulnerability
remote attackers
sensitive files
arbitrary code
credentials
guest feature

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.006

Percentile

78.4%

Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.

Affected configurations

NVD
Node
tridiumniagara_axMatch3.5
OR
tridiumniagara_axMatch3.6
OR
tridiumniagara_axMatch3.7
VendorProductVersionCPE
tridiumniagara_ax3.6cpe:/a:tridium:niagara_ax:3.6:::
tridiumniagara_ax3.7cpe:/a:tridium:niagara_ax:3.7:::
tridiumniagara_ax3.5cpe:/a:tridium:niagara_ax:3.5:::

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.006

Percentile

78.4%

Related for CVE-2012-4701