Lucene search

K

[email protected]CVE-2014-2709

HistoryApr 23, 2014 - 3:55 p.m.

CVE-2014-2709

2014-04-2315:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

42

cve-2014-2709

cacti

remote execution

arbitrary commands

security vulnerability

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.

CPENameOperatorVersion
cacti:cacticactile0.8.7g
cacti:cacticactile0.8.8b
debian:debian_linuxdebian debian linuxeq8.0
debian:debian_linuxdebian debian linuxeq7.0

References

lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.html

lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.html

seclists.org/oss-sec/2014/q2/15

secunia.com/advisories/57647

secunia.com/advisories/59203

svn.cacti.net/viewvc?view=rev&revision=7439

www.debian.org/security/2014/dsa-2970

www.securityfocus.com/bid/66630

bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

security.gentoo.org/glsa/201509-03

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

Related for CVE-2014-2709

prion1 debiancve1 ubuntucve1 nessus7 openvas12 fedora4 amazon1 mageia1 debian3 securityvulns2 osv1 gentoo1