CVE-2014-5068

HIGH

Symmetricom s350i 2.70.15 - Path Traversal via Dot-Dot-Slash Sequences

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) before a file name.

References (1)

Core 1

Scores

CVSS v3 7.5
EPSS 0.0271
EPSS Percentile 84.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
microsemi/s350i_firmware 2.70.15
Published Jan 11, 2018
Tracked Since Feb 18, 2026