Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2014-2327
Last Modified: 17 Mar 2015 10:00:43
Published: 23 Apr 2014 11:55:03
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-2327

Summary

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

Vulnerable Systems

Application

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7f

  • Cacti 0.8.7g

  • Cacti 0.8.8

  • Cacti 0.8.8a

  • Cacti 0.8.8b


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

BID - 66392

BUGTRAQ - 20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti

DEBIAN - DSA-2970

SECUNIA - 59203

SUSE - openSUSE-SU-2015:0479


Last Updated: 27 May 2016 11:05:05