VAR-201406-0323
Vulnerability from variot - Updated: 2023-12-18 13:44logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. Dell Provided by PowerVault ML6000 series and Quantum Provided by Scalar i500 In OS Command injection vulnerability (CWE-78) Exists. CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') http://cwe.mitre.org/data/definitions/78.htmlAny information on the server by a remote third party OS The command may be executed. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. The following products are vulnerable: Quantum Scalar i500 firmware versions i8.2.2 (645G.GS004) and prior Dell PowerVault ML6000 firmware version i8.2.0.1 (641G.GS003) and prior. The Dell PowerVault ML6000 and Quantum Scalar i500 are tape library products designed for high-capacity data storage and providing faster and more reliable data protection for storage environments
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0323",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "powervault ml6000",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "41u"
},
{
"model": "scalar i500",
"scope": "eq",
"trust": 1.0,
"vendor": "quantum",
"version": "23u"
},
{
"model": "powervault ml6000",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "i8.2.0.1_\\(641g.gs003\\)"
},
{
"model": "scalar i500",
"scope": "eq",
"trust": 1.0,
"vendor": "quantum",
"version": "5u"
},
{
"model": "scalar i500",
"scope": "lte",
"trust": 1.0,
"vendor": "quantum",
"version": "i8.2.2.1_\\(646g.gs002\\)"
},
{
"model": "scalar i500",
"scope": "eq",
"trust": 1.0,
"vendor": "quantum",
"version": "14u"
},
{
"model": "powervault ml6000",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "32u"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "quantum",
"version": null
},
{
"model": "scalar i500",
"scope": null,
"trust": 0.8,
"vendor": "quantum",
"version": null
},
{
"model": "scalar i500",
"scope": "lt",
"trust": 0.8,
"vendor": "quantum",
"version": "i8.2.2.1 (646g.gs002) earlier"
},
{
"model": "powervault ml6000",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "powervault ml6000",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "i8.2.0.2 (641g.gs103) earlier"
},
{
"model": "scalar i500",
"scope": "eq",
"trust": 0.6,
"vendor": "quantum",
"version": "i8.2.2.1_\\(646g.gs002\\)"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#124908"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:powervault_ml6000_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "i8.2.0.1_\\(641g.gs003\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "i8.2.2.1_\\(646g.gs002\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2959"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Benjamin Buchanan",
"sources": [
{
"db": "BID",
"id": "67751"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2959",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.0,
"collateralDamagePotential": "MEDIUM-HIGH",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.3,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2959",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-002686",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-70898",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2959",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-002686",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-022",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-70898",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#124908"
},
{
"db": "VULHUB",
"id": "VHN-70898"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. Dell Provided by PowerVault ML6000 series and Quantum Provided by Scalar i500 In OS Command injection vulnerability (CWE-78) Exists. CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) http://cwe.mitre.org/data/definitions/78.htmlAny information on the server by a remote third party OS The command may be executed. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. \nThe following products are vulnerable:\nQuantum Scalar i500 firmware versions i8.2.2 (645G.GS004) and prior\nDell PowerVault ML6000 firmware version i8.2.0.1 (641G.GS003) and prior. The Dell PowerVault ML6000 and Quantum Scalar i500 are tape library products designed for high-capacity data storage and providing faster and more reliable data protection for storage environments",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"db": "CERT/CC",
"id": "VU#124908"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "BID",
"id": "67751"
},
{
"db": "VULHUB",
"id": "VHN-70898"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2959",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#124908",
"trust": 3.6
},
{
"db": "BID",
"id": "67751",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "59019",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU99779325",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-022",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-70898",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#124908"
},
{
"db": "VULHUB",
"id": "VHN-70898"
},
{
"db": "BID",
"id": "67751"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"id": "VAR-201406-0323",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70898"
}
],
"trust": 0.6625
},
"last_update_date": "2023-12-18T13:44:28.468000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell PowerVault ML6000 Firmware Update, version A28",
"trust": 0.8,
"url": "http://www.dell.com/support/home/jp/ja/19/drivers/driversdetails?driverid=xcc7w\u0026oscode=wnet\u0026fileid=3369748178\u0026languagecode=en\u0026categoryid=ta"
},
{
"title": "Scalar i500",
"trust": 0.8,
"url": "http://www.quantum.com/serviceandsupport/softwareanddocumentationdownloads/si500/index.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70898"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "NVD",
"id": "CVE-2014-2959"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/124908"
},
{
"trust": 1.9,
"url": " http://www.quantum.com/serviceandsupport/softwareanddocumentationdownloads/si500/index.aspx"
},
{
"trust": 1.6,
"url": "http://www.dell.com/support/drivers/us/en/19/driverdetails/product/powervault-ml6000?driverid=xcc7w\u0026oscode=wnet\u0026fileid=3369748178\u0026languagecode=en\u0026categoryid=ta"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/67751"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59019"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2959"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99779325/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2959"
},
{
"trust": 0.3,
"url": "http://dell.com"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#124908"
},
{
"db": "VULHUB",
"id": "VHN-70898"
},
{
"db": "BID",
"id": "67751"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#124908"
},
{
"db": "VULHUB",
"id": "VHN-70898"
},
{
"db": "BID",
"id": "67751"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#124908"
},
{
"date": "2014-06-02T00:00:00",
"db": "VULHUB",
"id": "VHN-70898"
},
{
"date": "2014-05-30T00:00:00",
"db": "BID",
"id": "67751"
},
{
"date": "2014-06-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"date": "2014-06-02T19:55:03.500000",
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-05-30T00:00:00",
"db": "CERT/CC",
"id": "VU#124908"
},
{
"date": "2014-06-26T00:00:00",
"db": "VULHUB",
"id": "VHN-70898"
},
{
"date": "2014-05-30T00:00:00",
"db": "BID",
"id": "67751"
},
{
"date": "2014-06-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002686"
},
{
"date": "2014-06-26T04:50:04.050000",
"db": "NVD",
"id": "CVE-2014-2959"
},
{
"date": "2014-06-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#124908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-022"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…