Vulnerability Details : CVE-2014-4867
Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.
Products affected by CVE-2014-4867
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.0:a:*:*:*:*:*:*
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.1:a:*:*:*:*:*:*
- cpe:2.3:a:cryoserver:cryoserver_security_appliance:7.3.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4867
0.04%
Probability of exploitation activity in the next 30 days
~ %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4867
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:L/AC:L/Au:S/C:C/I:C/A:C | 3.1 | 10.0 | NIST | |
CWE ids for CVE-2014-4867
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4867
- http://www.kb.cert.org/vuls/id/280844
  VU#280844 - Cryoserver Security Appliance vulnerable to privilege escalation (Third Party Advisory; US Government Resource)