Lucene search

[email protected]NVD:CVE-2014-3486

HistoryJul 07, 2014 - 2:55 p.m.

CVE-2014-3486

2014-07-0714:55:04

CWE-59

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

Affected configurations

NVD

Node

redhatcloudforms_3.0_management_engineRange≤5.2.4

redhatcloudforms_3.0_management_engineMatch5.2

redhatcloudforms_3.0_management_engineMatch5.2.1

redhatcloudforms_3.0_management_engineMatch5.2.1.6

redhatcloudforms_3.0_management_engineMatch5.2.2

redhatcloudforms_3.0_management_engineMatch5.2.3

redhatcloudforms_3.0_management_engineMatch5.2.3.2

References

rhn.redhat.com/errata/RHSA-2014-0816.html

www.securityfocus.com/bid/68300

bugzilla.redhat.com/show_bug.cgi?id=1107528

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2014-3486

cve1 prion1 cvelist1 veracode5 redhat1