Lucene search

[email protected]CVE-2014-2626

HistoryJul 26, 2014 - 3:55 p.m.

CVE-2014-2626

2014-07-2615:55:03

CWE-22

[email protected]

web.nvd.nist.gov

hp network virtualization

cve-2014-2626

directory traversal

remote code execution

security vulnerability

nvd

zdi-can-2024

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

7.3 High

AI Score

Confidence

Low

0.86 High

EPSS

Percentile

98.6%

JSON

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Affected configurations

NVD

Node

hpnetwork_virtualizationMatch8.6

CPENameOperatorVersion
hp:network_virtualizationhp network virtualizationeq8.6

CPE	Name	Operator	Version
hp:network_virtualization	hp network virtualization	eq	8.6

References

secunia.com/advisories/60418

www.securitytracker.com/id/1030624

zerodayinitiative.com/advisories/ZDI-14-268/

h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

7.3 High

AI Score

Confidence

Low

0.86 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2014-2626

zdi1 prion1 nvd1 checkpoint_advisories1 attackerkb1 cvelist1 securityvulns2