CVE-2014-5068

Name of the Vulnerable Software and Affected Versions Symmetricom s350i version 2.70.15

Description The issue allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) .. (dot dot forward slash) before a file name. This is a directory traversal vulnerability in the web application.

Recommendations For Symmetricom s350i version 2.70.15, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, restrict the use of ../ (dot dot slash) and .. (dot dot forward slash) in file names until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.