Vulnerability Details : CVE-2014-7298
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
Products affected by CVE-2014-7298
- cpe:2.3:a:centrify:centrify_suite:2012.5:*:*:*:*:*:*:*
- cpe:2.3:a:centrify:centrify_suite:2008:*:*:*:*:*:*:*
- cpe:2.3:a:centrify:centrify_suite:2014.1:*:*:*:*:*:*:*
- cpe:2.3:a:centrify:centrify_suite:2012:*:*:*:*:*:*:*
- cpe:2.3:a:centrify:directcontrol:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:centrify:directcontrol:4.2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7298
- 0.06%: Probability of exploitation activity in the next 30 days
- ~ 14 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7298
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N | 3.9 | 6.9 | NIST | |
CWE ids for CVE-2014-7298
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7298
- https://exploithub.com/centrify-data-leakage.html
  404 Not Found
- http://www.centrify.com/support/announcements.asp#20141014
  Support Overview | Centrify
- http://twitter.com/travemme/statuses/525298393971564544
  Travis E on Twitter: "Centrify fixed my adsetgroups setuid flaw: http://t.co/WKFeR4BgXh"