Lucene search
HistoryOct 25, 2014 - 10:55 a.m.
CVE-2014-4623
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
56.4%
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
Affected configurations
Node
emcavamarMatch6.0.1
ORemcavamarMatch6.0.2
ORemcavamarMatch6.0.3
ORemcavamarMatch6.1
ORemcavamarMatch6.1.101-87
ORemcavamarMatch7.0
ORemcavamarMatch7.0sp1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| emc | avamar | 6.0.1 | cpe:2.3:a:emc:avamar:6.0.1:*:*:*:*:*:*:* |
| emc | avamar | 6.0.2 | cpe:2.3:a:emc:avamar:6.0.2:*:*:*:*:*:*:* |
| emc | avamar | 6.0.3 | cpe:2.3:a:emc:avamar:6.0.3:*:*:*:*:*:*:* |
| emc | avamar | 6.1 | cpe:2.3:a:emc:avamar:6.1:*:*:*:*:*:*:* |
| emc | avamar | 6.1.101-87 | cpe:2.3:a:emc:avamar:6.1.101-87:*:*:*:*:*:*:* |
| emc | avamar | 7.0 | cpe:2.3:a:emc:avamar:7.0:*:*:*:*:*:*:* |
| emc | avamar | 7.0 | cpe:2.3:a:emc:avamar:7.0:sp1:*:*:*:*:*:* |
Related
prion
prion
Default credentials
2014-10-25 10:55:00
securityvulns
securityvulns
ESA-2014-094: EMC Avamar Weak Password Storage Vulnerability
2014-10-27 00:00:00
EMC Avamar security vulnerabilities
2014-10-27 00:00:00
cve
cve
CVE-2014-4623
2014-10-25 10:55:06
cvelist
cvelist
CVE-2014-4623
2014-10-25 10:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.002
Percentile
56.4%
Related for NVD:CVE-2014-4623