•
MEDIUM Severity
CVE-2025-5160
Path Traversal vulnerability discovered in H3C SecCenter SMP-E1114P02
Overview
This exploit involves a path traversal vulnerability discovered in H3C SecCenter SMP-E1114P02 enabling an attacker to manipulate the argument 'Name' in the 'Download' function of the file /packetCaptureStrategy/download.
Technical Details
The vulnerability was located in the 'Download' function of the file /packetCaptureStrategy/download. By exploiting this bug, an attacker could manipulate the 'Name' argument leading to an unexpected path traversal. The vulnerability can be exploited remotely.
CVSS Metrics
- Base Score: 5.3
- Attack Vector: NETWORK
- Attack Complexity: LOW
- User Interaction: NONE
- Confidentiality Impact: LOW
- Integrity Impact: NONE
- Availability Impact: NONE
- Privileges Required: LOW
- Vulnerability Scope:UNCHANGED
Impact
This vulnerability can be exploited by an external entity to modify or access restricted data, leading to unauthorized release of confidential information.
Recommendations
- Patch or update your H3C SecCenter SMP-E1114P02 to the latest version.
- Utilize a firewall to block incoming network traffic from unknown sources.
Threat Metrics
- cvss_score: 5.3
- severity: MEDIUM
- attack_vector: NETWORK
- attack_complexity: LOW
- privileges_required: LOW