•
MEDIUM Severity
CVE-2025-5159
Vulnerability in H3C SecCenter SMP-E1114P02 allowing path traversal
Overview
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to version 20250513. This issue lies in the Download function of the file /cfgFile/1/download, where the manipulation of the argument Name leads to path traversal.
Technical Details
The vulnerability allows for path traversal due to the improper handling of the 'Name' argument in the Download function of the file /cfgFile/1/download. The attack can be initiated remotely and does not require user interaction.
CVSS Metrics
- Base score: 5.3
- Attack vector: NETWORK
- Attack complexity: LOW
- Required privileges: LOW
- User interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: NONE
- Availability Impact: NONE
Impact
The attacker can access arbitrary files beyond the intended directories.
Recommendations
- Update to a fixed version of the software.
- Limit access to the network depending on business requirements.
- Regularly review and audit the system for suspicious activities.
Threat Metrics
- "cvss_score": 5.3
- "severity": "MEDIUM"
- "attack_vector": "NETWORK"
- "attack_complexity": "LOW"