CVE-2014-4870

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.kb.cert.org/vuls/id/111588	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:brocade:vyatta_5400_vrouter_software:6.4:::::::*
	cpe:2.3:a:brocade:vyatta_5400_vrouter_software:6.6:::::::*
	cpe:2.3:a:brocade:vyatta_5400_vrouter_software:6.7:::::::*

cpe:2.3:h:brocade:vyatta_5400_vrouter:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-10-07 10:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-4870

Mitre link : CVE-2014-4870

CVE.ORG link : CVE-2014-4870

JSON object : View

Products Affected

brocade

vyatta_5400_vrouter
vyatta_5400_vrouter_software

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2014-4870", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-07T10:55:04.387", "references": [{"url": "http://www.kb.cert.org/vuls/id/111588", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration."}, {"lang": "es", "value": "/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl en el vRouter Brocade Vyatta 5400 6.4R(x), 6.6R(x), y 6.7R1 no valida debidamente los par\u00e1metros, lo que permite a usuarios locales ganar privilegios mediante el aprovechamiento de la configuraci\u00f3n sudo."}], "lastModified": "2014-10-07T23:02:10.627", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:brocade:vyatta_5400_vrouter_software:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06899348-8216-4A9B-968B-6BD58DC00F2F"}, {"criteria": "cpe:2.3:a:brocade:vyatta_5400_vrouter_software:6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "993BE009-53F0-4B20-9682-8C428621DEE7"}, {"criteria": "cpe:2.3:a:brocade:vyatta_5400_vrouter_software:6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "728699C7-BBD3-4828-9AF2-7248C205D297"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:brocade:vyatta_5400_vrouter:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11F509C4-3324-46B7-9556-73613F6209CD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}