CVE-2014-2626

HP Network Virtualization <8.6 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1030624

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/60418

Vendor Advisory vendor-advisory x_refsource_hp

https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202

Third Party Advisory x_refsource_misc

http://zerodayinitiative.com/advisories/ZDI-14-268/

Scores

EPSS 0.4045

EPSS Percentile 97.4%

Details

CWE

CWE-22

Status published

Products (1)

hp/network_virtualization 8.6

Published Jul 26, 2014

Tracked Since Feb 18, 2026