Vulnerability Details : CVE-2014-2533
Public exploit exists!
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
Products affected by CVE-2014-2533
- cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:*:*:*:*:*:*:*
- cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.4.1:*:*:*:*:*:*:*
- cpe:2.3:o:blackberry:qnx_neutrino_rtos:6.5.0:sp1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2533
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2014-2533
-
ifwatchd Privilege Escalation
Disclosure Date: 2014-03-10First seen: 2020-04-26exploit/qnx/local/ifwatchd_priv_escThis module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when
CVSS scores for CVE-2014-2533
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2014-2533
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2533
-
http://seclists.org/bugtraq/2014/Mar/66
Bugtraq: Medium severity flaw in BlackBerry QNX Neutrino RTOS
-
http://seclists.org/fulldisclosure/2014/Mar/124
Full Disclosure: Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS
-
https://www.exploit-db.com/exploits/45575/
ifwatchd - Privilege Escalation (Metasploit) - Linux local Exploit
-
http://www.exploit-db.com/exploits/32153/
QNX 6.4.x/6.5.x ifwatchd - Local Privilege Escalation - QNX local ExploitExploit
-
http://seclists.org/bugtraq/2014/Mar/88
Bugtraq: Re: Medium severity flaw in BlackBerry QNX Neutrino RTOS
-
http://seclists.org/fulldisclosure/2014/Mar/98
Full Disclosure: Medium severity flaw in BlackBerry QNX Neutrino RTOS
Jump to