Vulnerability CVE-2014-4702

Vulnerability Name:

CVE-2014-4702 (CCN-94418)

Assigned:

2014-06-30

Published:

2014-06-30

Updated:

2016-11-28

Summary:

The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2014-4702

Source: CONFIRM
Type: Patch, Vendor Advisory
http://nagios-plugins.org/nagios-plugins-2-0-2-released/?utm_source=Nagios.org&utm_medium=News+Post&utm_content=Nagios%20Plugins%202.0.2%20Released&utm_campaign=Nagios%20Plugins

Source: SECUNIA
Type: UNKNOWN
58751

Source: SECUNIA
Type: UNKNOWN
61319

Source: CCN
Type: Nagios Web site
nagios

Source: MLIST
Type: UNKNOWN
[oss-security] 20140630 Re: CVE requests: nagios check_dhcp plug-in: read parts of INI config files belonging to root

Source: CCN
Type: BID-68251
Nagios Plugin Incomplete Fix Information Disclosure Vulnerability

Source: BID
Type: UNKNOWN
68293

Source: CCN
Type: BID-68293
Nagios Plugin CVE-2014-4702 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
nagios-cve20144702-info-disc(94418)

Source: SUSE
Type: UNKNOWN
SUSE-SU-2014:1352

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-4702

Vulnerable Configuration:

Configuration 1:

cpe:/a:nagios:nagios:*:*:*:*:*:*:*:* (Version <= 2.0.1)

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20144702	V	CVE-2014-4702	2022-05-20
oval:org.opensuse.security:def:34683	P	Security update for ghostscript (Moderate)	2022-01-14
oval:org.opensuse.security:def:34614	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:30274	P	Security update for xen (Moderate)	2021-11-29
oval:org.opensuse.security:def:31310	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:34575	P	Security update for cairo (Low)	2021-10-22
oval:org.opensuse.security:def:30131	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31272	P	Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:34526	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:34468	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:30188	P	Security update for tomcat (Important)	2021-04-29
oval:org.opensuse.security:def:30043	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important)	2021-03-17
oval:org.opensuse.security:def:34639	P	Security update for glibc (Moderate)	2021-02-25
oval:org.opensuse.security:def:33931	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:33837	P	Security update for gpg2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29826	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:30483	P	Security update for Samba	2020-12-01
oval:org.opensuse.security:def:34164	P	Security update for openssl (Moderate)	2020-12-01
oval:org.opensuse.security:def:29838	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:35321	P	Security update for microcode_ctl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30571	P	Security update for libxslt	2020-12-01
oval:org.opensuse.security:def:34310	P	Security update for sendmail	2020-12-01
oval:org.opensuse.security:def:33836	P	Security update for gpg2 (Important)	2020-12-01
oval:org.opensuse.security:def:30634	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:33848	P	Security update for hplip	2020-12-01
oval:org.opensuse.security:def:30428	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:34067	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29827	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:30532	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34221	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29911	P	Security update for libapr-util1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:35362	P	Security update for nagios-plugins	2020-12-01
oval:org.opensuse.security:def:30590	P	Security update for openssl (Important)	2020-12-01
oval:org.mitre.oval:def:28403	P	SUSE-SU-2014:1352-1 -- Security update for nagios-plugins (low)	2015-01-26
oval:com.ubuntu.precise:def:20144702000	V	CVE-2014-4702 on Ubuntu 12.04 LTS (precise) - negligible.	2014-12-05
oval:com.ubuntu.trusty:def:20144702000	V	CVE-2014-4702 on Ubuntu 14.04 LTS (trusty) - negligible.	2014-12-05

BACK