CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2012-6609

Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://seclists.org/fulldisclosure/2012/Mar/18
https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html
http://seclists.org/fulldisclosure/2012/Mar/18
https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html

Products affected by CVE-2012-6609

Polycom » Hdx Video End Points » Version: Any

cpe:2.3:a:polycom:hdx_video_end_points:*
Polycom » Uc Apl » Version: Any

cpe:2.3:a:polycom:uc_apl:*
Polycom » Hdx 8000 » Version: N/A

cpe:2.3:h:polycom:hdx_8000:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2012-6609

Products

Pricing

Contact Us