Lucene search
HistoryJun 20, 2014 - 2:55 p.m.
CVE-2014-0007
smart-proxy
foreman
cve-2014-0007
security vulnerability
remote code execution
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.037 Low
EPSS
Percentile
91.9%
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
Affected configurations
Node
theforemanforemanRange≤1.4.4
ORtheforemanforemanMatch1.4.0
ORtheforemanforemanMatch1.4.1
ORtheforemanforemanMatch1.4.2
ORtheforemanforemanMatch1.4.3
ORtheforemanforemanMatch1.5.0
Related
veracode
veracode
OS Command Injection
2019-01-15 08:54:13
cvelist
cvelist
CVE-2014-0007
2014-06-20 14:00:00
nvd
nvd
CVE-2014-0007
2014-06-20 14:55:06
prion
prion
Design/Logic Flaw
2014-06-20 14:55:00
nessus
nessus
RHEL 6 : foreman-proxy (RHSA-2014:0770)
2024-04-24 00:00:00
Foreman Smart-Proxy TFTP Remote Command Injection
2014-07-17 00:00:00
redhat
redhat
(RHSA-2014:0770) Critical: foreman-proxy security update
2014-06-19 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
Low
0.037 Low
EPSS
Percentile
91.9%
Related for CVE-2014-0007