Vulnerability Details : CVE-2014-2959
logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.
Products affected by CVE-2014-2959
- cpe:2.3:h:dell:powervault_ml6000:41u:*:*:*:*:*:*:*
- cpe:2.3:h:dell:powervault_ml6000:32u:*:*:*:*:*:*:*
- cpe:2.3:o:dell:powervault_ml6000_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:quantum:scalar_i500:14u:*:*:*:*:*:*:*
- cpe:2.3:h:quantum:scalar_i500:23u:*:*:*:*:*:*:*
- cpe:2.3:h:quantum:scalar_i500:5u:*:*:*:*:*:*:*
- cpe:2.3:o:quantum:scalar_i500_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2959
0.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2959
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:P/A:P |
10.0
|
8.5
|
NIST |
CWE ids for CVE-2014-2959
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2959
-
http://www.kb.cert.org/vuls/id/124908
VU#124908 - Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerabilityUS Government Resource
-
http://www.securityfocus.com/bid/67751
Dell PowerVault ML6000 and Quantum Scalar i500 CVE-2014-2959 Remote Command Injection Vulnerability
Jump to