CVE-2006-0212
Last modified
CVE-2006-0212 is a vulnerability of currently unknown severity. Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.. EPSS estimates a 2.49% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Toshiba | Bluetooth Stack | <= 4.00.23t |
| Toshiba | Bluetooth Stack | 3.00.11 |
| Toshiba | Bluetooth Stack | 3.00.12 |
| Toshiba | Bluetooth Stack | 3.00.31a |
| Toshiba | Bluetooth Stack | 3.00.32 |
| Toshiba | Bluetooth Stack | 3.01.03 |
| Toshiba | Bluetooth Stack | 3.10.00 |
| Toshiba | Bluetooth Stack | 3.20.00 |
| Toshiba | Bluetooth Stack | 3.20.01 |
| Toshiba | Bluetooth Stack | 3.20.02 |
| Toshiba | Bluetooth Stack | 3.20.04 |
| Toshiba | Bluetooth Stack | 4.00.01t |
| Toshiba | Bluetooth Stack | 4.00.11 |
References
- http://secunia.com/advisories/18437Vendor Advisory
- http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txtExploit, Vendor Advisory
- http://secunia.com/advisories/18437Vendor Advisory
- http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txtExploit, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-0212?
How severe is CVE-2006-0212?
How do I fix CVE-2006-0212?
Are you affected by CVE-2006-0212?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST