Vulnerability Details : CVE-2014-4623
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack.
Products affected by CVE-2014-4623
- cpe:2.3:a:emc:avamar:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar:7.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:emc:avamar:6.1.101-87:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4623
- 0.19%: Probability of exploitation activity in the next 30 days
- ~ 55 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4623
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-4623
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4623
- http://www.securitytracker.com/id/1031117
  EMC Avamar Password Hardening Package Weak Encryption Algorithm Lets Local Users Decrypt Passwords - SecurityTracker
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0146.html
- http://packetstormsecurity.com/files/128842/EMC-Avamar-Weak-Password-Storage.html
  EMC Avamar Weak Password Storage ≈ Packet Storm
- http://www.securityfocus.com/bid/70732
  EMC Avamar CVE-2014-4623 Password Encryption Weakness
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97757
  EMC Avamar Data Store information disclosure CVE-2014-4623 Vulnerability Report