CVE-2014-2352

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-2352
The directory specifier can include designators that can be used to traverse the directory path. Exploiting this vulnerability may enable an attacker to access a limited number of hardcoded file types. Further exploitation of this vulnerability may allow an attacker to cause the web server component to enter a denial-of-service condition.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://cogentdatahub.com/Download_Software.html
https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02
http://ics-cert.us-cert.gov/advisories/ICSA-14-149-02 US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cogentdatahub:cogent_datahub:*:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.0:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.1.63:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.0:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.1:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.2:*:*:*:*:*:*:*
cpe:2.3:a:cogentdatahub:cogent_datahub:7.3.3:*:*:*:*:*:*:*
History

03 Oct 2025, 17:15

Type Values Removed Values Added
CVSS v2 : 6.4
v3 : unknown 		v2 : 7.8
v3 : unknown
Summary (en) Directory traversal vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to read arbitrary files of unspecified types, or cause a web-server denial of service, via a crafted pathname. (en) The directory specifier can include designators that can be used to traverse the directory path. Exploiting this vulnerability may enable an attacker to access a limited number of hardcoded file types. Further exploitation of this vulnerability may allow an attacker to cause the web server component to enter a denial-of-service condition.
References
  • () http://cogentdatahub.com/Download_Software.html -
  • () https://www.cisa.gov/news-events/ics-advisories/icsa-14-149-02 -
Information

Published : 2014-05-30 23:55

Updated : 2025-10-03 17:15

NVD link : CVE-2014-2352

Mitre link : CVE-2014-2352

CVE.ORG link : CVE-2014-2352

JSON object : View

Products Affected

cogentdatahub

  • cogent_datahub
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')