Lucene search

CertccCVE-2014-2955

HistoryJul 14, 2014 - 9:55 p.m.

CVE-2014-2955

2014-07-1421:55:05

CWE-287

certcc

web.nvd.nist.gov

cve-2014-2955

raritan px

authentication bypass

ipmi

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

Low

EPSS

0.006

Percentile

77.9%

JSON

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Affected configurations

Nvd

Node

raritanpxRange≤1.5.8

raritanpxMatch1.0

raritanpxMatch1.0.4

raritanpxMatch1.1

raritanpxMatch1.1.6

raritanpxMatch1.2

raritanpxMatch1.2.5

raritanpxMatch1.2.7

raritanpxMatch1.3

raritanpxMatch1.3.1

raritanpxMatch1.3.5

raritanpxMatch1.4.1

raritanpxMatch1.5

raritanpxMatch1.5.4

raritanpxMatch1.5.7

AND

raritandpxr20a-16Match-

VendorProductVersionCPE
raritanpx*cpe:2.3:o:raritan:px:*:*:*:*:*:*:*:*
raritanpx1.0cpe:2.3:o:raritan:px:1.0:*:*:*:*:*:*:*
raritanpx1.0.4cpe:2.3:o:raritan:px:1.0.4:*:*:*:*:*:*:*
raritanpx1.1cpe:2.3:o:raritan:px:1.1:*:*:*:*:*:*:*
raritanpx1.1.6cpe:2.3:o:raritan:px:1.1.6:*:*:*:*:*:*:*
raritanpx1.2cpe:2.3:o:raritan:px:1.2:*:*:*:*:*:*:*
raritanpx1.2.5cpe:2.3:o:raritan:px:1.2.5:*:*:*:*:*:*:*
raritanpx1.2.7cpe:2.3:o:raritan:px:1.2.7:*:*:*:*:*:*:*
raritanpx1.3cpe:2.3:o:raritan:px:1.3:*:*:*:*:*:*:*
raritanpx1.3.1cpe:2.3:o:raritan:px:1.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
raritan	px	*	cpe:2.3:o:raritan:px::::::::
raritan	px	1.0	cpe:2.3:o:raritan:px:1.0:::::::*
raritan	px	1.0.4	cpe:2.3:o:raritan:px:1.0.4:::::::*
raritan	px	1.1	cpe:2.3:o:raritan:px:1.1:::::::*
raritan	px	1.1.6	cpe:2.3:o:raritan:px:1.1.6:::::::*
raritan	px	1.2	cpe:2.3:o:raritan:px:1.2:::::::*
raritan	px	1.2.5	cpe:2.3:o:raritan:px:1.2.5:::::::*
raritan	px	1.2.7	cpe:2.3:o:raritan:px:1.2.7:::::::*
raritan	px	1.3	cpe:2.3:o:raritan:px:1.3:::::::*
raritan	px	1.3.1	cpe:2.3:o:raritan:px:1.3.1:::::::*

Rows per page:

1-10 of 161

References

seclists.org/fulldisclosure/2014/Jul/14

www.kb.cert.org/vuls/id/712660

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.2

Confidence

Low

EPSS

0.006

Percentile

77.9%

JSON

Related for CVE-2014-2955