CVE-2010-1577

Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/66508
http://secunia.com/advisories/40701	Vendor Advisory
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3bd1c.shtml	Patch Vendor Advisory
http://www.securitytracker.com/id?1024234
http://www.vupen.com/english/advisories/2010/1881	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/60567

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:internet_streamer:2.2\(1\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.3\(1\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.3\(3\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.3\(5\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.3\(7\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.3\(9\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.4\(1\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.4\(3\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.4\(5\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.5\(1\):::::::*
	cpe:2.3:a:cisco:internet_streamer:2.5\(3\):::::::*

cpe:2.3:a:cisco:content_delivery_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-07-28 12:48

Updated : 2023-12-10 11:03

NVD link : CVE-2010-1577

Mitre link : CVE-2010-1577

CVE.ORG link : CVE-2010-1577

JSON object : View

Products Affected

cisco

internet_streamer
content_delivery_system

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2010-1577", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-07-28T12:48:52.463", "references": [{"url": "http://osvdb.org/66508", "source": "ykramarz@cisco.com"}, {"url": "http://secunia.com/advisories/40701", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3bd1c.shtml", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id?1024234", "source": "ykramarz@cisco.com"}, {"url": "http://www.vupen.com/english/advisories/2010/1881", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60567", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Cisco Internet Streamer, usado en Cisco Content Delivery System (CDS) v2.2.x, v2.3.x, v2.4.x, y v2.5.x anterior a v2.5.7, permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de una URL manipulada."}], "lastModified": "2017-08-17T01:32:24.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:internet_streamer:2.2\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A355FDB-1D1A-4AD2-A7EB-7F6BD0C0510D"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.3\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D98295A3-A1F9-4DCC-A0B1-76B0A5491324"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.3\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8657D61D-BA06-4D0E-AAD2-E43101992509"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.3\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46ED5C00-821B-4833-B859-D2CB4C1EF691"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.3\\(7\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A75C02F-61B8-4831-A1F7-7888DF0C164C"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.3\\(9\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B00678-CF1E-4971-B2BE-4A86D0AEB825"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.4\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88C2AD41-B550-4EE8-9276-15B999A812AB"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.4\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F27D26-AB37-4F78-A866-7A3FF4BA048C"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.4\\(5\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB985228-A581-4E98-B5D0-788B016B27AC"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48B82A9D-FEEE-4734-95BF-C1AEDC330349"}, {"criteria": "cpe:2.3:a:cisco:internet_streamer:2.5\\(3\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A55DDBD-2FAC-442C-8B09-38BBC6C93E7C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:content_delivery_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "052532BD-AE1E-47D8-8814-B6B873CCFAB2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}