CVE-2014-2276

high

Description

The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/91987

http://www.securitytracker.com/id/1029939

http://www.securityfocus.com/bid/66308

http://secunia.com/advisories/57513

http://archives.neohapsis.com/archives/bugtraq/2014-03/0115.html

Details

Source: Mitre, NVD

Published: 2014-03-21

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00435