•
MEDIUM Severity
CVE-2025-5157
Critical vulnerability in H3C SecCenter SMP-E1114P02 up to 20250513 causing path traversal.
Overview
A critical vulnerability was found in H3C SecCenter SMP-E1114P02 affecting the function fileContent of the file /cfgFile/fileContent. It involves the manipulation of the argument filePath leading to path traversal.
Technical Details
The vulnerability involves the manipulation of the argument filePath which leads to path traversal. The attack can be initiated remotely. The flaw was identified in versions up to 20250513.
CVSS Metrics
- baseScore: 5.3
- baseSeverity: MEDIUM
- attackVector: NETWORK
- attackComplexity: LOW
- userInteraction required: NONE
- confidentialityImpact: LOW
- integrityImpact: NONE
Impact
The flaw could allow an attacker to obtain access to restricted files, potentially enabling further attacks.
Recommendations
Users are recommended to update to the latest versions of H3C SecCenter SMP-E1114P02 which are not affected by this vulnerability.
Threat Metrics
- cvss_score: 5.3
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW
- privileges_required: LOW
- user_interaction: NONE
- scope: UNCHANGED
- confidentiality_impact: LOW
- integrity_impact: NONE
- availability_impact: NONE