var-201407-0031
Vulnerability from variot
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI uses the administrator's default password for the MySQL "root" database account, which allows access rights to be obtained; local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation fails to properly handle user-supplied input in the skipjackUsername POST parameter, allowing remote attackers to inject operating system commands as the root user. Multiple Infoblox Network Automation products, including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller, are prone to an OS command-injection vulnerability. Note that this aggregated description mixes two issues: the command injection tracked as CVE-2014-3418 (CWE-78), and a default-credential issue (CWE-255) that appears to correspond to the CVE-2014-3419 links in this record's references.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201407-0031", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "netmri", "scope": "lt", "trust": 1.6, "vendor": "infoblox", "version": "6.8.5" }, { "model": "netmri", "scope": "eq", "trust": 1.6, "vendor": "infoblox", "version": "6.1.2" }, { "model": "netmri", "scope": "eq", "trust": 1.6, "vendor": "infoblox", "version": 
"6.0.2.42" }, { "model": "netmri", "scope": "eq", "trust": 1.6, "vendor": "infoblox", "version": "6.2.1" }, { "model": "netmri", "scope": "eq", "trust": 1.6, "vendor": "infoblox", "version": "6.2.1.48" }, { "model": "netmri", "scope": "eq", "trust": 1.6, "vendor": "infoblox", "version": "6.8.2.11" }, { "model": "netmri", "scope": "lte", "trust": 1.0, "vendor": "infoblox", "version": "6.8.4" }, { "model": "inc network automation", "scope": null, "trust": 0.6, "vendor": "infoblox", "version": null }, { "model": "netmri", "scope": "eq", "trust": 0.6, "vendor": "infoblox", "version": "6.8.4" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "CNNVD", "id": "CNNVD-201407-343" }, { "db": "NVD", "id": "CVE-2014-3418" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:infoblox:netmri", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003358" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Nate Kettlewell of Depth Security.", "sources": [ { "db": "BID", "id": "68471" } ], "trust": 0.3 }, "cve": "CVE-2014-3418", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2014-3418", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 7.2, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2014-3418", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2014-04293", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2014-3418", "trust": 1.6, "value": "High" }, { "author": "nvd@nist.gov", "id": "CVE-2014-3418", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2014-04293", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201407-343", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": 
[ { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "CNNVD", "id": "CNNVD-201407-343" }, { "db": "NVD", "id": "CVE-2014-3418" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI Is \"root\" of MySQL There is a vulnerability in which access rights can be obtained because the default password of the administrator is used for the database account.Local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation failed to properly handle the input submitted by the user via the skipjackUsername POST parameter, allowing remote attackers to exploit the vulnerability to inject operating system commands to the root user. 
Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to an OS command-injection vulnerability", "sources": [ { "db": "NVD", "id": "CVE-2014-3418" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "BID", "id": "68471" } ], "trust": 3.15 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3418", "trust": 4.1 }, { "db": "BID", "id": "68471", "trust": 2.5 }, { "db": "EXPLOIT-DB", "id": "34030", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-003358", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-003357", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2014-04293", "trust": 0.6 }, { "db": "XF", "id": "94449", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201407-343", "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "BID", "id": "68471" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "CNNVD", "id": "CNNVD-201407-343" }, { "db": "NVD", "id": "CVE-2014-3418" } ] }, "id": "VAR-201407-0031", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2014-04293" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { 
"db": "CNVD", "id": "CNVD-2014-04293" } ] }, "last_update_date": "2024-11-23T22:39:00.753000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Infoblox NetMRI", "trust": 1.6, "url": "http://www.infoblox.jp/products/network-automation/netmri" }, { "title": "Patch for Infoblox Network Automation product OS command injection vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/47486" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-78", "trust": 1.8 }, { "problemtype": "CWE-255", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "NVD", "id": "CVE-2014-3418" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://github.com/depthsecurity/netmri-2014-3418" }, { "trust": 3.2, "url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html" }, { "trust": 1.6, "url": "http://www.exploit-db.com/exploits/34030" }, { "trust": 1.6, "url": "http://seclists.org/fulldisclosure/2014/jul/35" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/68471" }, { "trust": 1.4, "url": "http://www.securityfocus.com/archive/1/archive/1/532709/100/0/threaded" }, { "trust": 1.0, "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/94449" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3419" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3419" }, { "trust": 0.8, "url": "http://www.securityfocus.com/archive/1/archive/1/532710/100/0/threaded" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3418" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3418" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/532710" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/94449" }, { "trust": 0.3, "url": "http://www.infoblox.com/en/products/netmri.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "BID", "id": "68471" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "CNNVD", "id": "CNNVD-201407-343" }, { "db": "NVD", "id": "CVE-2014-3418" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2014-04293" }, { "db": "BID", "id": "68471" }, { "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "db": "CNNVD", "id": "CNNVD-201407-343" }, { "db": "NVD", "id": "CVE-2014-3418" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-16T00:00:00", "db": "CNVD", "id": "CNVD-2014-04293" }, { "date": "2014-07-09T00:00:00", "db": "BID", "id": "68471" }, { "date": "2014-07-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "date": "2014-07-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "date": "2014-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-343" }, { 
"date": "2014-07-15T14:55:09.387000", "db": "NVD", "id": "CVE-2014-3418" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-16T00:00:00", "db": "CNVD", "id": "CNVD-2014-04293" }, { "date": "2014-07-09T00:00:00", "db": "BID", "id": "68471" }, { "date": "2014-07-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003358" }, { "date": "2014-07-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-003357" }, { "date": "2014-07-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201407-343" }, { "date": "2024-11-21T02:08:03.163000", "db": "NVD", "id": "CVE-2014-3418" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-343" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Infoblox NetMRI Vulnerabilities that gain access", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-003358" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "operating system commend injection", "sources": [ { "db": "CNNVD", "id": "CNNVD-201407-343" } ], "trust": 0.6 } }