CVE-2014-1644
Published Mar 29, 2014
Last updated 11 years ago
Overview
- Description
- The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
- Source
- secure@symantec.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-255
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30E31DE4-79FD-46CB-B4EF-97C71314F6DD",
"versionEndIncluding": "2.3.2"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C6436A5-ED76-4A14-B0B7-F34ED9A103B4"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B411C8E3-5C1E-4C05-85EB-27EDDF1BEEF3"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4DA63E2-6474-4DFC-B3D8-74164227385D"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20DC932C-BD80-43C0-A3F8-DC65F0EE1FFE"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C2DE1CE-8A1D-4BEB-86A2-EF5501789A97"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6810DD57-BF79-4F38-81C5-8F2B69577E35"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7C05A008-A1A0-4CDE-B235-785316EE0055"
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BFF96B5-8BC2-47CA-94CC-CD9144E939AC"
}
],
"operator": "OR"
}
]
}
]