CVE-2014-2084

Published May 17, 2014

Last updated 3 months ago

CVSS info 8.5

Overview

Description: Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 7.8
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Vendor comments

Skybox Securityhttps://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.31-2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEBA4FB7-9E0B-413D-9775-A03471A39BC7"
          },
          {
            "criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.33-2.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14422066-583B-4B1D-80EE-E19A563A1252"
          },
          {
            "criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.42-2.54:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF8F150D-CF01-442F-8CEA-BF27F1C7E79A"
          },
          {
            "criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.45-2.56:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4784E375-5E62-4619-8988-088D1BD99BD9"
          },
          {
            "criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.46-2.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E9D72E4-E263-468C-B610-0C96D1E256DC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:skyboxsecurity:skybox_view_appliance:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B2AE329-25C6-457C-A904-78742EA1FAC1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References