Lucene search

PRIOn knowledge basePRION:CVE-2014-3418

HistoryJul 15, 2014 - 2:55 p.m.

Design/Logic Flaw

2014-07-1514:55:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.151 Low

EPSS

Percentile

95.7%

JSON

config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.

CPENameOperatorVersion
netmrieq6.8.2.11
netmrieq6.1.2
netmrieq6.2.1
netmrieq6.0.2.42
netmrile6.8.4
netmrieq6.2.1.48

Name	Operator	Version
netmri	eq	6.8.2.11
netmri	eq	6.1.2
netmri	eq	6.2.1
netmri	eq	6.0.2.42
netmri	le	6.8.4
netmri	eq	6.2.1.48

References

blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html

seclists.org/fulldisclosure/2014/Jul/35

www.securityfocus.com/archive/1/532709/100/0/threaded

www.securityfocus.com/bid/68471

exchange.xforce.ibmcloud.com/vulnerabilities/94449

github.com/depthsecurity/NetMRI-2014-3418

www.exploit-db.com/exploits/34030

8.1 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.151 Low

EPSS

Percentile

95.7%

JSON

Related for PRION:CVE-2014-3418