CVE-2014-4811 : IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x an

IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.

Published 2014-09-12 01:55:08

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2014-4811

IBM » Storwize V7000 » Version: N/A
cpe:2.3:h:ibm:storwize_v7000:-:*:*:*:*:*:*:*
Matching versions
IBM » Storwize V3700 » Version: N/A
cpe:2.3:h:ibm:storwize_v3700:-:*:*:*:*:*:*:*
Matching versions
IBM » Storwize V3500 » Version: N/A
cpe:2.3:h:ibm:storwize_v3500:-:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.0.0
cpe:2.3:a:ibm:san_volume_controller_software:6.4.0.0:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.0
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.0:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.0
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.0:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.0
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.0
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.0:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.2
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.7
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.7:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.5
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.5:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.9
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.9:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.7
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.7:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.8
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.8:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.7
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.7:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.5
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.5:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.3
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.1
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.5
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.3
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.1
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.3
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.6
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.6:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.0.3
cpe:2.3:a:ibm:san_volume_controller_software:6.4.0.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.0.1
cpe:2.3:a:ibm:san_volume_controller_software:6.4.0.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.2
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.4
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.6
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.6:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.2
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.4
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.4:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.6
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.6:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.1
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.10
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.10:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.3.0.6
cpe:2.3:a:ibm:san_volume_controller_software:6.3.0.6:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.7
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.7:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.5
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.1
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.3
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.0.2
cpe:2.3:a:ibm:san_volume_controller_software:6.4.0.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.0.4
cpe:2.3:a:ibm:san_volume_controller_software:6.4.0.4:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.2
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.1.0.0
cpe:2.3:a:ibm:san_volume_controller_software:7.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.3
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.1
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.6
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.6:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.4
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.4:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.1
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.1.0.2
cpe:2.3:a:ibm:san_volume_controller_software:6.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.2.0.5
cpe:2.3:a:ibm:san_volume_controller_software:6.2.0.5:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.2
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.2:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.4
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.4:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.6
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.6:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.7
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.7:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 6.4.1.8
cpe:2.3:a:ibm:san_volume_controller_software:6.4.1.8:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.3
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.3:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.4
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.4:*:*:*:*:*:*:*
Matching versions
IBM » San Volume Controller Software » Version: 7.2.0.5
cpe:2.3:a:ibm:san_volume_controller_software:7.2.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Storwize V5000 » Version: N/A
cpe:2.3:h:ibm:storwize_v5000:-:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-4811

EPSS FAQ

0.74%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4811

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2014-4811

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-4811

http://secunia.com/advisories/61075

Sign in
https://exchange.xforce.ibmcloud.com/vulnerabilities/95387

IBM System Storage Storwize security bypass CVE-2014-4811 Vulnerability Report
http://www.securityfocus.com/bid/69771

IBM V7000 Unified CVE-2014-4811 Security Bypass Vulnerability
http://www.ibm.com/support/docview.wss?uid=ssg1S1004846

IBM Security Bulletin: Administrator password can be reset without authentication on SAN Volume Controller and Storwize Family (CVE-2014-4811)
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-4811

Products affected by CVE-2014-4811

Exploit prediction scoring system (EPSS) score for CVE-2014-4811

CVSS scores for CVE-2014-4811

CWE ids for CVE-2014-4811

References for CVE-2014-4811