CVE-2014-1685 : The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x befor

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

Published 2014-05-08 14:29:14

Updated 2014-05-09 16:46:38

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-1685

Zabbix » Zabbix
Versions up to, including, (<=) 1.8.19
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8
cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.1
cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.2
cpe:2.3:a:zabbix:zabbix:1.8.2:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.3 Update RC2
cpe:2.3:a:zabbix:zabbix:1.8.3:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.3 Update RC3
cpe:2.3:a:zabbix:zabbix:1.8.3:rc3:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.3 Update RC1
cpe:2.3:a:zabbix:zabbix:1.8.3:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.0:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0 Update RC2
cpe:2.3:a:zabbix:zabbix:2.0.0:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.1 Update RC2
cpe:2.3:a:zabbix:zabbix:2.0.1:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.1 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.1:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0 Update RC3
cpe:2.3:a:zabbix:zabbix:2.0.0:rc3:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0 Update RC4
cpe:2.3:a:zabbix:zabbix:2.0.0:rc4:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0
cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.1
cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0 Update RC5
cpe:2.3:a:zabbix:zabbix:2.0.0:rc5:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.0 Update RC6
cpe:2.3:a:zabbix:zabbix:2.0.0:rc6:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.6
cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.5
cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.3
cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.16
cpe:2.3:a:zabbix:zabbix:1.8.16:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.2
cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.4
cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.15 Update RC1
cpe:2.3:a:zabbix:zabbix:1.8.15:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.2 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.2:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.3 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.3:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.7 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.7:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.8 Update RC2
cpe:2.3:a:zabbix:zabbix:2.0.8:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.2.0 Update RC1
cpe:2.3:a:zabbix:zabbix:2.2.0:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.2.1
cpe:2.3:a:zabbix:zabbix:2.2.1:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.9 Update RC2
cpe:2.3:a:zabbix:zabbix:2.0.9:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.10 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.10:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.2.1 Update RC1
cpe:2.3:a:zabbix:zabbix:2.2.1:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.2.1
cpe:2.3:a:zabbix:zabbix:2.2.1:-:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.3 Update RC2
cpe:2.3:a:zabbix:zabbix:2.0.3:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.4 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.4:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.5 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.5:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.6 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.6:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 1.8.18
cpe:2.3:a:zabbix:zabbix:1.8.18:*:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.2 Update RC2
cpe:2.3:a:zabbix:zabbix:2.0.2:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.8 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.8:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.0.9 Update RC1
cpe:2.3:a:zabbix:zabbix:2.0.9:rc1:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.2.0 Update RC2
cpe:2.3:a:zabbix:zabbix:2.2.0:rc2:*:*:*:*:*:*
Matching versions
Zabbix » Zabbix » Version: 2.2.0
cpe:2.3:a:zabbix:zabbix:2.2.0:-:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-1685

EPSS FAQ

0.16%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-1685

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.5	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:P	8.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2014-1685

https://support.zabbix.com/browse/ZBX-7693

[ZBX-7693] User type "Zabbix Admin" users can modify the media for all Zabbix users - Security hole - ZABBIX SUPPORT
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html

[SECURITY] Fedora 20 Update: zabbix-2.0.11-3.fc20

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html

[SECURITY] Fedora 19 Update: zabbix-2.0.11-3.fc19

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2014-1685

Products affected by CVE-2014-1685

Exploit prediction scoring system (EPSS) score for CVE-2014-1685

CVSS scores for CVE-2014-1685

References for CVE-2014-1685