Lucene search

MitreCVE-2014-4152

HistoryJun 18, 2014 - 7:55 p.m.

CVE-2014-4152

2014-06-1819:55:06

CWE-94

mitre

web.nvd.nist.gov

cve-2014-4152

av-centerd

soap service

alienvault ossim

remote code execution

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.644

Percentile

97.9%

JSON

The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key.

Affected configurations

Nvd

Node

alienvaultopen_source_security_information_managementRange≤4.7.0

alienvaultopen_source_security_information_managementMatch4.0

alienvaultopen_source_security_information_managementMatch4.3.3

alienvaultopen_source_security_information_managementMatch4.4

alienvaultopen_source_security_information_managementMatch4.5

alienvaultopen_source_security_information_managementMatch4.6

alienvaultopen_source_security_information_managementMatch4.6.1

VendorProductVersionCPE
alienvaultopen_source_security_information_management*cpe:2.3:a:alienvault:open_source_security_information_management:*:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management4.0cpe:2.3:a:alienvault:open_source_security_information_management:4.0:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management4.3.3cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management4.4cpe:2.3:a:alienvault:open_source_security_information_management:4.4:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management4.5cpe:2.3:a:alienvault:open_source_security_information_management:4.5:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management4.6cpe:2.3:a:alienvault:open_source_security_information_management:4.6:*:*:*:*:*:*:*
alienvaultopen_source_security_information_management4.6.1cpe:2.3:a:alienvault:open_source_security_information_management:4.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
alienvault	open_source_security_information_management	*	cpe:2.3:a:alienvault:open_source_security_information_management::::::::
alienvault	open_source_security_information_management	4.0	cpe:2.3:a:alienvault:open_source_security_information_management:4.0:::::::*
alienvault	open_source_security_information_management	4.3.3	cpe:2.3:a:alienvault:open_source_security_information_management:4.3.3:::::::*
alienvault	open_source_security_information_management	4.4	cpe:2.3:a:alienvault:open_source_security_information_management:4.4:::::::*
alienvault	open_source_security_information_management	4.5	cpe:2.3:a:alienvault:open_source_security_information_management:4.5:::::::*
alienvault	open_source_security_information_management	4.6	cpe:2.3:a:alienvault:open_source_security_information_management:4.6:::::::*
alienvault	open_source_security_information_management	4.6.1	cpe:2.3:a:alienvault:open_source_security_information_management:4.6.1:::::::*

References

forums.alienvault.com/discussion/2806

secunia.com/advisories/59112

www.zerodayinitiative.com/advisories/ZDI-14-206/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.644

Percentile

97.9%

JSON

Related for CVE-2014-4152