CVE-2014-6260


General

Score: 6.8/10.0
Severity: Medium
Category: Command Injection

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Published on 15/12/14 - Updated on 21/03/16

Description

Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412.

Category: Command Injection

CWE-77 (Command Injection)
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Security Notices

US National Vulnerability Database: CVE-2014-6260

Exploits

No exploits available for this CVE in our database.

Related technologies

Vendor: zenoss
Product: zenoss_core
