VAR-201407-0031
Vulnerability from variot - Updated: 2023-12-18 13:09config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI Is "root" of MySQL There is a vulnerability in which access rights can be obtained because the default password of the administrator is used for the database account.Local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation failed to properly handle the input submitted by the user via the skipjackUsername POST parameter, allowing remote attackers to exploit the vulnerability to inject operating system commands to the root user. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to an OS command-injection vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0031",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netmri",
"scope": "lt",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.8.5"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.1.2"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.8.2.11"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.0.2.42"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.2.1"
},
{
"model": "netmri",
"scope": "eq",
"trust": 1.6,
"vendor": "infoblox",
"version": "6.2.1.48"
},
{
"model": "netmri",
"scope": "lte",
"trust": 1.0,
"vendor": "infoblox",
"version": "6.8.4"
},
{
"model": "inc network automation",
"scope": null,
"trust": 0.6,
"vendor": "infoblox",
"version": null
},
{
"model": "netmri",
"scope": "eq",
"trust": 0.6,
"vendor": "infoblox",
"version": "6.8.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:infoblox:netmri:6.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infoblox:netmri:6.0.2.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infoblox:netmri:6.8.2.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infoblox:netmri:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.8.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infoblox:netmri:6.2.1.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:infoblox:netmri:6.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nate Kettlewell of Depth Security.",
"sources": [
{
"db": "BID",
"id": "68471"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3418",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3418",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-3418",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04293",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3418",
"trust": 2.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-04293",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-343",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter. Infoblox NetMRI Is \"root\" of MySQL There is a vulnerability in which access rights can be obtained because the default password of the administrator is used for the database account.Local users may be able to gain access. Infoblox Network Automation is a network automation product. Infoblox Network Automation failed to properly handle the input submitted by the user via the skipjackUsername POST parameter, allowing remote attackers to exploit the vulnerability to inject operating system commands to the root user. Multiple Infoblox Network Automation Products including NetMRI, Switch Port Manager, Automation Change Manager and Security Device Controller are prone to an OS command-injection vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3418",
"trust": 4.1
},
{
"db": "BID",
"id": "68471",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "34030",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-04293",
"trust": 0.6
},
{
"db": "XF",
"id": "94449",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"id": "VAR-201407-0031",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
}
]
},
"last_update_date": "2023-12-18T13:09:20.855000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Infoblox NetMRI",
"trust": 1.6,
"url": "http://www.infoblox.jp/products/network-automation/netmri"
},
{
"title": "Patch for Infoblox Network Automation product OS command injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/47486"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://github.com/depthsecurity/netmri-2014-3418"
},
{
"trust": 3.2,
"url": "http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2014/jul/35"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/34030"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/68471"
},
{
"trust": 1.4,
"url": "http://www.securityfocus.com/archive/1/archive/1/532709/100/0/threaded"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/532709/100/0/threaded"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94449"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3419"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3419"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/archive/1/archive/1/532710/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3418"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3418"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/532710"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/94449"
},
{
"trust": 0.3,
"url": "http://www.infoblox.com/en/products/netmri.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"db": "BID",
"id": "68471"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"date": "2014-07-09T00:00:00",
"db": "BID",
"id": "68471"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"date": "2014-07-15T14:55:09.387000",
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"date": "2014-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04293"
},
{
"date": "2014-07-09T00:00:00",
"db": "BID",
"id": "68471"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003358"
},
{
"date": "2014-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003357"
},
{
"date": "2018-10-09T19:43:44.097000",
"db": "NVD",
"id": "CVE-2014-3418"
},
{
"date": "2014-07-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infoblox NetMRI Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003358"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-343"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…