CVE-2014-2626
critical
CVSS v3
—
CVSS v2
9.4
VIR risk
9.4
Description
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: hp-security-alert@hp.com — https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | network_virtualization | 8.6 | |
References
- http://secunia.com/advisories/60418
- http://www.securitytracker.com/id/1030624
- http://zerodayinitiative.com/advisories/ZDI-14-268/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
- http://secunia.com/advisories/60418
- http://www.securitytracker.com/id/1030624
- http://zerodayinitiative.com/advisories/ZDI-14-268/
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202
CWEs
CWE-22
Verify integrity in audit chain (admin only). AS-IS.