CVE-2014-2565

The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 2.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST	Vendor Advisory
https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:bluecoat:content_analysis_system_software::::::::
	cpe:2.3:a:bluecoat:content_analysis_system_software:1.1:::::::*
	cpe:2.3:a:bluecoat:content_analysis_system_software:1.1.1.1:::::::*

cpe:2.3:h:bluecoat:content_analysis_system:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:06

Type	Values Removed	Values Added
References	~~() https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST - Vendor Advisory~~	() https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST - Vendor Advisory

Information

Published : 2014-04-30 14:22

Updated : 2024-11-21 02:06

NVD link : CVE-2014-2565

Mitre link : CVE-2014-2565

CVE.ORG link : CVE-2014-2565

JSON object : View

Products Affected

bluecoat

content_analysis_system_software
content_analysis_system

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2014-2565", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 2.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-30T14:22:06.377", "references": [{"url": "https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""}, {"lang": "es", "value": "La interfaz commandline en Blue Coat Content Analysis System (CAS) 1.1 anterior a 1.1.4.2 permite a administradores remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados, relacionado con \"inyecci\u00f3n de comandos.\""}], "lastModified": "2024-11-21T02:06:32.307", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66C66E4D-ACDC-4A87-8D5A-9B6FBABE5C05", "versionEndIncluding": "1.1.2.1"}, {"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "372E4BC0-DB27-489F-91E3-8B16B98F667D"}, {"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:1.1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBF41DCF-B4D9-44EC-872E-21AF59BB1083"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bluecoat:content_analysis_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFE049E5-2839-42AF-99AE-E11328A2C729"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}