Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:C/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cisco
  • Content Delivery System
  • Internet Streamer

Configuration 1 [-]

AND
OR cpe:2.3:a:cisco:internet_streamer:2.2\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.3\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.3\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.3\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.3\(7\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.3\(9\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.4\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.4\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.4\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:internet_streamer:2.5\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_delivery_system:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://osvdb.org/66508 cve-icon cve-icon
http://secunia.com/advisories/40701 cve-icon cve-icon
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3bd1c.shtml cve-icon cve-icon
http://www.securitytracker.com/id?1024234 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/1881 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/60567 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2010-07-27T22:00:00

Updated: 2024-08-07T01:28:42.356Z

Reserved: 2010-04-27T00:00:00

Link: CVE-2010-1577

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-07-28T12:48:52.463

Modified: 2017-08-17T01:32:24.727

Link: CVE-2010-1577

cve-icon Redhat

No data.