CVEbaza.plCWE DictionaryCWE-249
Common Weakness Enumeration

CWE-249

DEPRECATED: Often Misused: Path Manipulation

Category: VariantCVE: 6
Description

This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.

CVE vulnerabilities with CWE-249 (6)
9.8
CVSS
CRITICAL
CVE-2019-3932

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use this vulnerability to control external devices via the uart_bridge.

pub. 2019-04-30
6.7
CVSS
MEDIUM
CVE-2023-35003

Path transversal in some Intel(R) VROC software before version 8.0.8.1001 may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2024-02-14
6.7
CVSS
MEDIUM
CVE-2022-27229

Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2023-11-14
6.7
CVSS
MEDIUM
CVE-2023-32278

Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits - LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2023-11-14
6.7
CVSS
MEDIUM
CVE-2023-32655

Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NUC8HNK USB Type C power delivery controller installatio software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2023-11-14
6.7
CVSS
MEDIUM
CVE-2023-33878

Path transversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

pub. 2023-11-14
Information
ID: CWE-249
Type: Variant
Vulnerabilities: 6
MITRE CWE ↗
← CWE Dictionary