Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2014-7989

Published: 07/11/2014 Updated: 08/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1
VMScore: 605
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Subscribe to B440 M2

Vulnerability Summary

Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local malicious user to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands. An attacker could exploit this vulnerability by sending a crafted command in the command-line interface. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit the vulnerability, the attacker may need local system access to the targeted system under the local-mgmt context. This access requirement could limit the likelihood of a successful exploit.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco b440 m2 -

cisco b260 m4 -

cisco b230 m2 -

cisco b420 m3 -

cisco b22 m3 -

cisco b460 m4 -

cisco b200 m3 -

cisco b200 m4 -

Vendor Advisories

Cisco: Cisco Unified Computing System B-Series Servers Privilege Escalation Vulnerability
Cisco Unified Computing System B-Series Blade Servers could allow an authenticated, local attacker to gain shell-level access to the affected device The vulnerability is due to improper input validation in the ping6 and the traceroute6 commands An attacker could exploit this vulnerability by sending a crafted command in the command-line interfa ...

References

CWE-20http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7989http://www.securityfocus.com/bid/70969http://www.securitytracker.com/id/1031178https://exchange.xforce.ibmcloud.com/vulnerabilities/98530https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20141209-CVE-2014-7989
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypassCVE-2024-30051remoteCVE-2024-27954CVE-2023-51483CVE-2023-47782SSRFCVE-2024-24715CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook