CVE-2014-2625
high
CVSS v3
—
CVSS v2
8.5
VIR risk
8.5
Description
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: hp-security-alert@hp.com — https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | network_virtualization | 8.6 | |
References
- http://secunia.com/advisories/60418
- http://www.securitytracker.com/id/1030624
- http://zerodayinitiative.com/advisories/ZDI-14-267/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
- http://secunia.com/advisories/60418
- http://www.securitytracker.com/id/1030624
- http://zerodayinitiative.com/advisories/ZDI-14-267/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.