CVE-2014-2581 : Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors rel

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.

Published 2020-01-28 15:15:15

Updated 2020-01-30 17:00:03

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2014-2581

Fedoraproject » Fedora » Version: 19
cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 20
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
Matching versions
Smb4k Project » Smb4k
Versions before (<) 1.1.1
cpe:2.3:a:smb4k_project:smb4k:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

1.99%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: nvd@nist.gov (Primary)

http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html

[SECURITY] Fedora 20 Update: smb4k-1.1.2-1.fc20
Mailing List;Third Party Advisory
http://sourceforge.net/projects/smb4k/files/1.1.1/

Smb4K - Browse /1.1.1 at SourceForge.net
Release Notes;Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html

[SECURITY] Fedora 19 Update: smb4k-1.1.2-1.fc19
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/03/25/5

oss-security - Re: possible CVE request: smb4k credentials cache leak
Mailing List;Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/03/24/1

oss-security - possible CVE request: smb4k credentials cache leak
Mailing List;Third Party Advisory
https://bugs.gentoo.org/505376

505376 – (CVE-2014-2581) <net-misc/smb4k-1.1.1: potential credentials cache leak (CVE-2014-2581)
Issue Tracking;Patch;Third Party Advisory

Jump to