CVE-2014-2626

Published Jul 26, 2014

Last updated 8 years ago

Overview

Description: Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
Source: hp-security-alert@hp.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.4
Impact score: 9.2
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:N

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:network_virtualization:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6E5166-6A01-4AF3-9CF1-140CB4A53D2A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References