EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
Published 2014-04-17 01:55:06
Updated 2014-04-17 15:06:50
Source Dell
Vulnerability category: XML external entity (XXE) injection, Information leak

Exploit prediction scoring system (EPSS) score for CVE-2014-0644

Probability of exploitation activity in the next 30 days: 47.25%
Percentile (the proportion of vulnerabilities scored at or below this one): ~97%

Metasploit modules for CVE-2014-0644

  • EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read
    Disclosure Date: 2014-03-31
    First seen: 2020-04-26
    auxiliary/gather/emc_cta_xxe
    EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user.
    Authors: Brandon Perry <bperry.volatile@gmail.com>

CVSS scores for CVE-2014-0644

Base Score: 7.8
Base Severity: HIGH
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Exploitability Score: 10.0
Impact Score: 6.9
Score Source: NIST
