CVE-2014-2084 : Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.

Published 2014-05-17 19:55:03

Updated 2014-06-13 04:54:38

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-2084

Skyboxsecurity » Skybox View Appliance Iso » Version: 6.3.31-2.14
cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.31-2.14:*:*:*:*:*:*:*
Matching versions
Skyboxsecurity » Skybox View Appliance Iso » Version: 6.4.42-2.54
cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.42-2.54:*:*:*:*:*:*:*
Matching versions
Skyboxsecurity » Skybox View Appliance Iso » Version: 6.3.33-2.14
cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.33-2.14:*:*:*:*:*:*:*
Matching versions
Skyboxsecurity » Skybox View Appliance Iso » Version: 6.4.45-2.56
cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.45-2.56:*:*:*:*:*:*:*
Matching versions
Skyboxsecurity » Skybox View Appliance Iso » Version: 6.4.46-2.57
cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.46-2.57:*:*:*:*:*:*:*
Matching versions
Skyboxsecurity » Skybox View Appliance » Version: N/A
cpe:2.3:h:skyboxsecurity:skybox_view_appliance:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-2084

EPSS FAQ

20.78%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-2084

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.5	HIGH	AV:N/AC:L/Au:N/C:P/I:N/A:C	10.0	7.8	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2014-2084

CWE-264

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2014-2084

Skybox Security 2014-06-09

https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf

References for CVE-2014-2084

http://www.securityfocus.com/bid/67352

RETIRED: Skybox Security Multiple Denial of Service Vulnerabilities
http://www.exploit-db.com/exploits/33327

Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures - Hardware webapps Exploit
Exploit
https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf

Page not found | Skybox Security
http://www.exploit-db.com/exploits/33328

Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities - Hardware dos Exploit
Exploit

Jump to