CVE-2014-2959 (GCVE-0-2014-2959)

Vulnerability from cvelistv5 – Published: 2014-06-02 19:00 – Updated: 2024-08-06 10:28
VLAI?
Summary
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/bid/67751 vdb-entryx_refsource_BID
http://www.kb.cert.org/vuls/id/124908 third-party-advisoryx_refsource_CERT-VN
http://secunia.com/advisories/59019 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.358Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67751",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67751"
          },
          {
            "name": "VU#124908",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/124908"
          },
          {
            "name": "59019",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59019"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-20T12:57:00",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "67751",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67751"
        },
        {
          "name": "VU#124908",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/124908"
        },
        {
          "name": "59019",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59019"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-2959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67751",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67751"
            },
            {
              "name": "VU#124908",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/124908"
            },
            {
              "name": "59019",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59019"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-2959",
    "datePublished": "2014-06-02T19:00:00",
    "dateReserved": "2014-04-21T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.358Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:dell:powervault_ml6000_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"i8.2.0.1_\\\\(641g.gs003\\\\)\", \"matchCriteriaId\": \"4DFB91B9-A601-4F22-A1D2-D9DD5C8F9385\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"136C9AB1-37AE-43EE-BAAC-39277789B734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33A96FD1-2005-41BE-ACE5-33AC136F7206\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"i8.2.2.1_\\\\(646g.gs002\\\\)\", \"matchCriteriaId\": \"2E26485A-B28F-42DF-8650-59A7D7C9D554\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C6AA8B64-A78C-4B51-B29B-21CF2AEF9484\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6FFB7DA-15EB-4053-9440-A30F8E434F5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C39DFB77-7945-4CA0-9B66-AF3908FE515D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.\"}, {\"lang\": \"es\", \"value\": \"logViewer.htm en el sistema de copias de seguridad de cintas Dell ML6000 con firmware anterior a i8.2.0.2 (641G.GS103) y el sistema de copias de seguridad de cintas Quantum Scalar i500 con firmware anterior a i8.2.2.1 (646G.GS002) permite a atacantes remotos ejecutar comandos arbitrarios a trav\\u00e9s de metacaracteres de shell en un par\\u00e1metro de nombre de ruta.\"}]",
      "id": "CVE-2014-2959",
      "lastModified": "2024-11-21T02:07:14.600",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:P/A:P\", \"baseScore\": 9.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-06-02T19:55:03.500",
      "references": "[{\"url\": \"http://secunia.com/advisories/59019\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/124908\", \"source\": \"cret@cert.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/67751\", \"source\": \"cret@cert.org\"}, {\"url\": \"http://secunia.com/advisories/59019\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/124908\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/67751\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cret@cert.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2959\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2014-06-02T19:55:03.500\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.\"},{\"lang\":\"es\",\"value\":\"logViewer.htm en el sistema de copias de seguridad de cintas Dell ML6000 con firmware anterior a i8.2.0.2 (641G.GS103) y el sistema de copias de seguridad de cintas Quantum Scalar i500 con firmware anterior a i8.2.2.1 (646G.GS002) permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en un par\u00e1metro de nombre de ruta.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:P/A:P\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:dell:powervault_ml6000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"i8.2.0.1_\\\\(641g.gs003\\\\)\",\"matchCriteriaId\":\"4DFB91B9-A601-4F22-A1D2-D9DD5C8F9385\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"136C9AB1-37AE-43EE-BAAC-39277789B734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33A96FD1-2005-41BE-ACE5-33AC136F7206\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"i8.2.2.1_\\\\(646g.gs002\\\\)\",\"matchCriteriaId\":\"2E26485A-B28F-42DF-8650-59A7D7C9D554\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AA8B64-A78C-4B51-B29B-21CF2AEF9484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6FFB7DA-15EB-4053-9440-A30F8E434F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C39DFB77-7945-4CA0-9B66-AF3908FE515D\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/59019\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/124908\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/67751\",\"source\":\"cret@cert.org\"},{\"url\":\"http://secunia.com/advisories/59019\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/124908\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/67751\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.