Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2084

Overview

Vulnerability Score 8.5 8.5
CVE Id CVE-2014-2084
Last Modified 13 Jun 2014 12:54:38
Published 17 May 2014 03:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2084

Summary

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.

Vulnerable Systems

Application

  • Skyboxsecurity Skybox View Appliance Iso 6.3.31-2.14

  • Skyboxsecurity Skybox View Appliance Iso 6.3.33-2.14

  • Skyboxsecurity Skybox View Appliance Iso 6.4.42-2.54

  • Skyboxsecurity Skybox View Appliance Iso 6.4.45-2.56

  • Skyboxsecurity Skybox View Appliance Iso 6.4.46-2.57


References

BID - 67352

OSVDB - 106842

EXPLOIT-DB - 33328

EXPLOIT-DB - 33327

CONFIRM - https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf


Last Updated: 27 May 2016 11:05:32