CVE-2013-1167 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.1 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:N/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 50%

Affected Products (NVD)

Vendor	Product	Version
cisco	ios_xe	3.2.00.xo.15.0\(2\)xo:xo.15
cisco	ios_xe	3.2.0s:s
cisco	ios_xe	3.2.0sg:sg
cisco	ios_xe	3.2.0xo:xo
cisco	ios_xe	3.2.1s:s
cisco	ios_xe	3.2.1sg:sg
cisco	ios_xe	3.2.2s:s
cisco	ios_xe	3.2.2sg:sg
cisco	ios_xe	3.2.3sg:sg
cisco	ios_xe	3.2.4sg:sg
cisco	ios_xe	3.3.0s:s
cisco	ios_xe	3.3.0sg:sg
cisco	ios_xe	3.3.1s:s
cisco	ios_xe	3.3.1sg:sg
cisco	ios_xe	3.3.2s:s
cisco	ios_xe	3.3.3s:s
cisco	ios_xe	3.4.0as:as
cisco	ios_xe	3.4.0s:s
cisco	ios_xe	3.4.1s:s
cisco	ios_xe	3.5.0s:s
cisco	ios_xe	3.5.1s:s
cisco	ios_xe	3.5.2s:s
cisco	ios_xe	3.5.xs:xs
cisco	asr_1001	-
cisco	asr_1002	-
cisco	asr_1002-x	-
cisco	asr_1002_fixed_router	-
cisco	asr_1004	-
cisco	asr_1006	-
cisco	asr_1013	-
cisco	asr_1023_router	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asr1000