CVE-2016-8205
Severity: critical
CVSS v3: 9.8
CVSS v2: 10.0
VIR risk: 9.8
Description
A directory traversal vulnerability in DashboardFileReceiveServlet in Brocade Network Advisor versions up to and including 14.0.2 could allow remote attackers to upload a malicious file to a section of the file system where it can be executed.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| brocade | network_advisor | up to and including 14.0.2 | |
References
- http://www.securityfocus.com/bid/95694
- http://www.zerodayinitiative.com/advisories/ZDI-17-050
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03785en_us
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-178
CWEs
CWE-22