| Vulnerability Name: | CVE-2014-0007 (CCN-94074) |
| Assigned: | 2013-12-03 |
| Published: | 2014-06-18 |
| Updated: | 2023-02-13 |
| Summary: | Foreman could allow a remote attacker to execute arbitrary commands on the system, caused by an error in tftp.rb in the Smart Proxy TFTP module. An attacker could exploit this vulnerability using the path parameter to inject and execute arbitrary commands on the system. |
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) |
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C); 4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C) |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2014-0007; Source: secalert@redhat.com Type: Patch secalert@redhat.com; Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com; Source: CCN Type: Foreman Web site CVE-2014-0007: TFTP boot file fetch API permits remote code execution; Source: CCN Type: BID-68117 Foreman Smart-Proxy Remote Command Injection Vulnerability; Source: XF Type: UNKNOWN foreman-cve20140007-command-exec(94074) |
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable |