| Vulnerability Name: | CVE-2014-2328 (CCN-92066) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2014-03-24 | ||||||||||||||||||||||||||||||||||||
| Published: | 2014-03-24 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2018-12-13 | ||||||||||||||||||||||||||||||||||||
| Summary: | lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. Per: https://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:U/RC:UR)
6.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Issue Tracking, Vendor Advisory http://bugs.cacti.net/view.php?id=2433 Source: MITRE Type: CNA CVE-2014-2328 Source: CCN Type: Cacti Web site Cacti Source: FEDORA Type: Third Party Advisory FEDORA-2014-4928 Source: FEDORA Type: Third Party Advisory FEDORA-2014-4892 Source: SUSE Type: Third Party Advisory openSUSE-SU-2015:0479 Source: CCN Type: Bugtraq Mailing List, Mon Mar 24 2014 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti Source: SECUNIA Type: Third Party Advisory 59203 Source: CONFIRM Type: Issue Tracking, Patch, Vendor Advisory http://svn.cacti.net/viewvc?view=rev&revision=7442 Source: DEBIAN Type: Third Party Advisory DSA-2970 Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti Source: BID Type: Third Party Advisory, VDB Entry 66387 Source: CCN Type: BID-66387 Cacti CVE-2014-2328 Unspecified Remote Command Execution Vulnerability Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768 Source: XF Type: UNKNOWN cacti-cve20142328-command-exec(92066) Source: GENTOO Type: Third Party Advisory GLSA-201509-03 Source: CCN Type: WhiteSource Vulnerability Database CVE-2014-2328 | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration 4: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||