VAR-201406-0328
Vulnerability from variot - Updated: 2023-12-18 12:24Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. The IBM Virtualization Engine integrates IBM servers, disks and tape into an integrated product that simplifies the backup/recovery process to protect critical customer data and provide business continuity through fast recovery. Unprivileged users can invoke privileged commands via SSH, allowing an attacker to exploit the vulnerability to send all administrative commands. Local attackers may exploit this issue to gain elevated privileges. The product supports creation of multiple virtual tape volumes, data backup and recovery, cache encryption, and more
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "system storage virtualization engine ts7700",
"scope": "eq",
"trust": 2.6,
"vendor": "ibm",
"version": null
},
{
"model": "virtualization engine ts7700",
"scope": null,
"trust": 1.6,
"vendor": "ibm",
"version": null
},
{
"model": "system storage virtualization engine ts7700",
"scope": null,
"trust": 0.6,
"vendor": "ibm",
"version": null
},
{
"model": "virtualization engine ts7700",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ibm:system_storage_virtualization_engine_ts7700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ibm:system_storage_virtualization_engine_ts7700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3048"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM",
"sources": [
{
"db": "BID",
"id": "67942"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3048",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3048",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "CNVD-2014-03652",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 1.5,
"id": "VHN-70987",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:H/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3048",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-03652",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-111",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70987",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. The IBM Virtualization Engine integrates IBM servers, disks and tape into an integrated product that simplifies the backup/recovery process to protect critical customer data and provide business continuity through fast recovery. Unprivileged users can invoke privileged commands via SSH, allowing an attacker to exploit the vulnerability to send all administrative commands. \nLocal attackers may exploit this issue to gain elevated privileges. The product supports creation of multiple virtual tape volumes, data backup and recovery, cache encryption, and more",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "VULHUB",
"id": "VHN-70987"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3048",
"trust": 3.4
},
{
"db": "BID",
"id": "67942",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-03652",
"trust": 0.6
},
{
"db": "XF",
"id": "93434",
"trust": 0.6
},
{
"db": "XF",
"id": "7700",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70987",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"id": "VAR-201406-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
}
]
},
"last_update_date": "2023-12-18T12:24:47.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "S1004653",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004653"
},
{
"title": "IBM Virtualization Engine TS7700 patch for insufficient SSH user limit vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46400"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3048"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004653"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/67942"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/93434"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3048"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3048"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/93434"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004653"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"db": "VULHUB",
"id": "VHN-70987"
},
{
"db": "BID",
"id": "67942"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"date": "2014-06-08T00:00:00",
"db": "VULHUB",
"id": "VHN-70987"
},
{
"date": "2014-06-04T00:00:00",
"db": "BID",
"id": "67942"
},
{
"date": "2014-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"date": "2014-06-08T23:55:02.570000",
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"date": "2014-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03652"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-70987"
},
{
"date": "2014-06-04T00:00:00",
"db": "BID",
"id": "67942"
},
{
"date": "2014-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002796"
},
{
"date": "2017-08-29T01:34:36.747000",
"db": "NVD",
"id": "CVE-2014-3048"
},
{
"date": "2014-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "67942"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-111"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM System Storage Virtualization Engine TS7700 Vulnerability gained in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002796"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "67942"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…