Vulnerability Details : CVE-2014-9713
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-9713
Probability of exploitation activity in the next 30 days: 0.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~54%
CVSS scores for CVE-2014-9713
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST |
CWE ids for CVE-2014-9713
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9713
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761406
  #761406 - slapd: CVE-2014-9713: dangerous access rule in default config - Debian Bug report logs
- http://www.securityfocus.com/bid/73217
  OpenLDAP CVE-2014-9713 Security Bypass Vulnerability
- http://www.ubuntu.com/usn/USN-2742-1
  USN-2742-1: OpenLDAP vulnerabilities | Ubuntu security notices
- http://www.openwall.com/lists/oss-security/2015/03/29/2
  oss-security - Re: CVE request (Debian specific): slapd: dangerous access rule in default config
- http://www.debian.org/security/2015/dsa-3209
  Debian -- Security Information -- DSA-3209-1 openldap (Vendor Advisory)
Products affected by CVE-2014-9713
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.23:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.25:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.24:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.26:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.28:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.27:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.30:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.29:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.35:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.34:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.31:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.33:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.32:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.39:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.36:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.37:*:*:*:*:*:*:*
- cpe:2.3:a:openldap:openldap:2.4.38:*:*:*:*:*:*:*