CVE-2012-5380

CVSS v3 Score: 6.7 (Medium)
CVSS v2 Score: 6.0 (Medium)

Vulnerability Description

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation.

CVSS:6.7(Medium)

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phon...

CWE-22 2018
CVSS:6.7(Medium)

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The...

CWE-22 2019
CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid admi...

CWE-22 2019
CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwri...

CWE-22 2020
CVSS:6.7(Medium)

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special c...

CWE-22 2021
CVSS:6.7(Medium)

As a result of an unquoted service path vulnerability present in the Kiwi CatTools Installation Wizard, a local attacker could gain escalated privileges by inserting an executable into the path of the...

CWE-22 2021