Published: 15/07/2014 Updated: 09/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

config/userAdmin/login.tdf in Infoblox NetMRI prior to 6.8.5 allows remote malicious users to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
infoblox netmri 6.1.2
infoblox netmri 6.0.2.42
infoblox netmri 6.8.2.11
infoblox netmri
infoblox netmri 6.2.1.48
infoblox netmri 6.2.1

Product: Network Automation, licensed as: • NetMRI • Switch Port Manager • Automation Change Manager • Security Device Controller Vendor: Infoblox Vulnerable Version(s): 64XX-684X Tested Version: 68211 Vendor Notification: May 12th, 2014 Vendor Patch Availability to Customers: May 16th, 2014 Publi ...

Infoblox versions 64xx through 684x suffer from a remote OS command injection vulnerability ...

NetMRI-CVE-2014-3418 - Metasploit Module InfoBlox Network Automation OS Command Injection Metasploit Module Product: Network Automation NetMRI Switch Port Manager Automation Change Manager Security Device Controller Vendor: InfoBlox Vulnerable Version(s): 64XX-684X

CWE-78 http://www.securityfocus.com/bid/68471 http://www.exploit-db.com/exploits/34030 http://seclists.org/fulldisclosure/2014/Jul/35 https://github.com/depthsecurity/NetMRI-2014-3418 http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94449 http://www.securityfocus.com/archive/1/532709/100/0/threaded https://nvd.nist.gov https://github.com/depthsecurity/NetMRI-2014-3418 https://www.exploit-db.com/exploits/34030/

CVE-2014-3418

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect