3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.4%
A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System.
CVEID: CVE-2014-9680**
DESCRIPTION:** Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ environment variable prior to passing through the TZ parser. An attacker could exploit this vulnerability to cause a denial of service and launch further attacks on the system.
CVSS Base Score: 3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101202 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:P)
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
Product
| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| 4.6.2.0-ISS-ProvG-AllModels-System-FP0012
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| 4.6.1.0-ISS-ProvG-AllModels-System-FP0016
IBM Security Network Intrusion Prevention System | Firmware version 4.6| 4.6.0.0-ISS-ProvG-AllModels-System-FP0014
IBM Security Network Intrusion Prevention System | Firmware version 4.5| 4.5.0.0-ISS-ProvG-AllModels-System-FP0016
IBM Security Network Intrusion Prevention System | Firmware version 4.4| 4.4.0.0-ISS-ProvG-AllModels-System-FP0016
IBM Security Network Intrusion Prevention System | Firmware version 4.3| 4.3.0.0-ISS-ProvG-AllModels-System-FP0014
None
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.4%