CVE-2014-3419 - Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account,

CVE-2014-3419

Summary

Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:infoblox:netmri:6.0.2.42:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.0.2.42:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.1.2:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.2.1.48:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.2.1.48:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.8.2.11:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.8.2.11:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.8.4:*:*:*:*:*:*:*
cpe:2.3:a:infoblox:netmri:6.8.4:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 09-10-2018 - 19:43)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	68473
bugtraq	20140709 Weak Local Database Credentials in Infoblox Network Automation
misc	http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html https://github.com/depthsecurity/NetMRI-2014-3418
sectrack	1030542
xf	infoblox-cve20143419-default-account(94450)

Last major update

09-10-2018 - 19:43

Published

15-07-2014 - 14:55

Last modified

09-10-2018 - 19:43