CVE-2014-4867

Published Oct 10, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 10
Exploitability score: 3.1
Vector string: AV:L/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C2F2ECF-6FD0-47D0-8F6A-06AA5AFCC040"
          },
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B41B986-9DCE-49C9-942C-D68654EFD090"
          },
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91DA1A98-E9BD-4986-BE55-707519C662D9"
          },
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FDD0DB8-32CE-4BA4-9362-10C27C5E9713"
          },
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "758F8F2D-6C9F-4388-A6BD-F99E987B5E85"
          },
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8134FF8A-B4B4-4E12-B7C0-C63FB61811EA"
          },
          {
            "criteria": "cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ADC9651-0F52-45DB-9AE7-00EE1DF762D6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References