CVE-2014-2352

The directory specifier can include designators that can be used to traverse the directory path. Exploiting this vulnerability may enable an attacker to access a limited number of hardcoded file types. Further exploitation of this vulnerability may allow an attacker to cause the web server component to enter a denial-of-service condition.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://cogentdatahub.com/Download_Software.html
https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02
http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cogentdatahub:cogent_datahub::::::::
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:::::::*
	cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:::::::*

History

03 Oct 2025, 17:15

Type	Values Removed	Values Added
Summary	(en) Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname.	(en) The directory specifier can include designators that can be used to traverse the directory path. Exploiting this vulnerability may enable an attacker to access a limited number of hardcoded file types. Further exploitation of this vulnerability may allow an attacker to cause the web server component to enter a denial-of-service condition.
CVSS	v2 : ~~6.4~~ v3 : ~~unknown~~	v2 : 7.8 v3 : unknown
References		() http://cogentdatahub.com/Download_Software.html - () https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02 -

21 Nov 2024, 02:06

Type	Values Removed	Values Added
References	~~() http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 - US Government Resource~~	() http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 - US Government Resource

Information

Published : 2014-05-30 23:55

Updated : 2025-10-03 17:15

NVD link : CVE-2014-2352

Mitre link : CVE-2014-2352

CVE.ORG link : CVE-2014-2352

JSON object : View

Products Affected

cogentdatahub

cogent_datahub

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.8 /10