CVE-2016-8206 - OpenCVE

A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Brocade	Network Advisor

Configuration 1 [-]

cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/95692	Third Party Advisory VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-17-051
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: brocade

Published: 2017-01-14T19:00:00

Updated: 2018-05-09T09:57:01

Reserved: 2016-09-13T00:00:00

Link: CVE-2016-8206

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-14T19:59:00.273

Modified: 2018-05-10T01:29:01.440

Link: CVE-2016-8206

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Brocade Network Advisor versions released prior to and including 14.0.2", "vendor": "n/a", "versions": [{"status": "affected", "version": "Brocade Network Advisor versions released prior to and including 14.0.2"}]}], "datePublic": "2017-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files."}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-09T09:57:01", "orgId": "87b297d7-335e-4844-9551-11b97995a791", "shortName": "brocade"}, "references": [{"name": "95692", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/95692"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-051"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "sirt@brocade.com", "ID": "CVE-2016-8206", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Brocade Network Advisor versions released prior to and including 14.0.2", "version": {"version_data": [{"version_value": "Brocade Network Advisor versions released prior to and including 14.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal"}]}]}, "references": {"reference_data": [{"name": "95692", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95692"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-17-051", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-051"}, {"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179", "refsource": "CONFIRM", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179"}, {"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us"}]}}}}, "cveMetadata": {"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791", "assignerShortName": "brocade", "cveId": "CVE-2016-8206", "datePublished": "2017-01-14T19:00:00", "dateReserved": "2016-09-13T00:00:00", "dateUpdated": "2018-05-09T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:brocade:network_advisor:*:*:*:*:*:*:*:*", "matchCriteriaId": "549F2607-DC42-46B1-AC0E-353C252EA3CB", "versionEndIncluding": "14.0.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Directory Traversal vulnerability in servlet SoftwareImageUpload in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to write to arbitrary files, and consequently delete the files."}, {"lang": "es", "value": "Una vulnerabilidad de salto de directorio en el servlet SoftwareImageUpload en las versiones Brocade Network Advisor liberadas anteriormente e incluyendo a la 14.0.2 podr\u00edan permitir a atacantes remotos escribir archivos arbitrarios, y consecuentemente eliminar los archivos."}], "id": "CVE-2016-8206", "lastModified": "2018-05-10T01:29:01.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-14T19:59:00.273", "references": [{"source": "sirt@brocade.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/95692"}, {"source": "sirt@brocade.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-051"}, {"source": "sirt@brocade.com", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us"}, {"source": "sirt@brocade.com", "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-179"}], "sourceIdentifier": "sirt@brocade.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}