Published: 29/04/2015 Updated: 26/05/2016

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) prior to 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 prior to 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS prior to 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts).

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 15.1
ubuntu network-manager

NetworkManager would allow unintended access to files and modem device configuration ...

CWE-22 https://bugs.launchpad.net/ubuntu/%2Bsource/network-manager/%2Bbug/1449245 http://www.ubuntu.com/usn/USN-2581-1 https://usn.ubuntu.com/2581-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1322

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect