Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2328

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2014-2328
Last Modified 17 Mar 2015 10:00:44
Published 23 Apr 2014 11:55:03
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-2328

Summary

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

Vulnerable Systems

Application

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7f

  • Cacti 0.8.7g

  • Cacti 0.8.8

  • Cacti 0.8.8a

  • Cacti 0.8.8b


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768

BID - 66387

BUGTRAQ - 20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=7442

FEDORA - FEDORA-2014-4892

FEDORA - FEDORA-2014-4928

CONFIRM - http://bugs.cacti.net/view.php?id=2433

DEBIAN - DSA-2970

SECUNIA - 59203

SUSE - openSUSE-SU-2015:0479


Last Updated: 27 May 2016 11:05:05