ID

VAR-201410-0029


CVE

CVE-2013-3304


TITLE

Dell EqualLogic PS4000 Directory traversal vulnerability in some firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-006670

DESCRIPTION

Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI. Dell EqualLogic is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to gain access to arbitrary system files. Information harvested may aid in launching further attacks. Dell EqualLogic Firmware versions 6.0 through 6.0.3 are vulnerable. Dell EqualLogic PS4000 is a server disk array product from Dell that integrates storage devices, blade servers and network devices into an expandable virtualized data center.

Trust: 1.98

sources: NVD: CVE-2013-3304 // JVNDB: JVNDB-2013-006670 // BID: 70760 // VULHUB: VHN-63306

AFFECTED PRODUCTS

vendor: dell, model: equallogic ps4000, scope: eq, version: 6.0

Trust: 2.4

sources: JVNDB: JVNDB-2013-006670 // CNNVD: CNNVD-201410-1350 // NVD: CVE-2013-3304

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3304
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3304
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201410-1350
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63306
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3304
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-63306
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63306 // JVNDB: JVNDB-2013-006670 // CNNVD: CNNVD-201410-1350 // NVD: CVE-2013-3304

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-63306 // JVNDB: JVNDB-2013-006670 // NVD: CVE-2013-3304

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1350

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201410-1350

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006670

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-63306

PATCH

title: EqualLogic PS4000E iSCSI SAN Storage, url: http://www.dell.com/us/business/p/equallogic-ps4000e/pd

Trust: 0.8

sources: JVNDB: JVNDB-2013-006670

EXTERNAL IDS

db: NVD, id: CVE-2013-3304

Trust: 2.8

db: BID, id: 70760

Trust: 2.0

db: EXPLOIT-DB, id: 35056

Trust: 1.7

db: JVNDB, id: JVNDB-2013-006670

Trust: 0.8

db: CNNVD, id: CNNVD-201410-1350

Trust: 0.7

db: SEEBUG, id: SSVID-87374

Trust: 0.1

db: VULHUB, id: VHN-63306

Trust: 0.1

sources: VULHUB: VHN-63306 // BID: 70760 // JVNDB: JVNDB-2013-006670 // CNNVD: CNNVD-201410-1350 // NVD: CVE-2013-3304

REFERENCES

url:https://www.xlabs.com.br/blog/?p=50

Trust: 2.5

url:http://www.securityfocus.com/bid/70760

Trust: 1.7

url:http://www.exploit-db.com/exploits/35056

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3304

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3304

Trust: 0.8

url:http://dell.com

Trust: 0.3

sources: VULHUB: VHN-63306 // BID: 70760 // JVNDB: JVNDB-2013-006670 // CNNVD: CNNVD-201410-1350 // NVD: CVE-2013-3304

CREDITS

Mauricio Correa

Trust: 0.9

sources: BID: 70760 // CNNVD: CNNVD-201410-1350

SOURCES

db: VULHUB, id: VHN-63306
db: BID, id: 70760
db: JVNDB, id: JVNDB-2013-006670
db: CNNVD, id: CNNVD-201410-1350
db: NVD, id: CVE-2013-3304

LAST UPDATE DATE

2025-04-13T23:27:36.399000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-63306, date: 2014-10-31T00:00:00
db: BID, id: 70760, date: 2014-11-10T00:57:00
db: JVNDB, id: JVNDB-2013-006670, date: 2014-11-04T00:00:00
db: CNNVD, id: CNNVD-201410-1350, date: 2014-10-31T00:00:00
db: NVD, id: CVE-2013-3304, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-63306, date: 2014-10-30T00:00:00
db: BID, id: 70760, date: 2014-10-25T00:00:00
db: JVNDB, id: JVNDB-2013-006670, date: 2014-11-04T00:00:00
db: CNNVD, id: CNNVD-201410-1350, date: 2014-10-29T00:00:00
db: NVD, id: CVE-2013-3304, date: 2014-10-30T14:55:06.727