Vulnerability Description
Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Secure Elements | C5 Enterprise Vulnerability Management | All versions |
References
- http://secunia.com/advisories/20378PatchVendor Advisory
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/764025PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/912217PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/WDON-6QAJFA
- http://www.kb.cert.org/vuls/id/WDON-6QAPC5
- http://www.vupen.com/english/advisories/2006/2069
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26771
- http://secunia.com/advisories/20378PatchVendor Advisory
- http://securitytracker.com/id?1016184
- http://www.kb.cert.org/vuls/id/764025PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/912217PatchThird Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/WDON-6QAJFA
- http://www.kb.cert.org/vuls/id/WDON-6QAPC5
- http://www.vupen.com/english/advisories/2006/2069
FAQ
What is CVE-2006-2717?
CVE-2006-2717 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2)...
How severe is CVE-2006-2717?
CVE-2006-2717 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2717?
Check the references section above for vendor advisories and patch information. Affected products include: Secure Elements C5 Enterprise Vulnerability Management.