CVE-2019-11013

moderate-risk
Published 2019-08-22

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

Do I need to act?

!
87.3% chance of exploitation in next 30 days
EPSS score — higher than 13% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47301
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Softvelum

References (4)

Exploit http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traver...
Exploit https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-...
Exploit http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traver...
Exploit https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-...
49
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal