CVE-2014-2626

Published Jul 26, 2014

Last updated 3 months ago

CVSS info 9.4

Overview

Description: Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
Source: hp-security-alert@hp.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.4
Impact score: 9.2
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:N

Weaknesses

nvd@nist.gov: CWE-22

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:network_virtualization:8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD6E5166-6A01-4AF3-9CF1-140CB4A53D2A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2014-2626
http://secunia.com/advisories/60418
http://www.securitytracker.com/id/1030624
http://zerodayinitiative.com/advisories/ZDI-14-268/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
http://secunia.com/advisories/60418
http://www.securitytracker.com/id/1030624
http://zerodayinitiative.com/advisories/ZDI-14-268/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References