CVE-2014-2084 - Vulnerability Details - OpenCVE

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Skyboxsecurity	Skybox View Appliance Skybox View Appliance Iso

Configuration 1 [-]

AND

OR	cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.31-2.14:::::::*
	cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.33-2.14:::::::*
	cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.42-2.54:::::::*
	cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.45-2.56:::::::*
	cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.46-2.57:::::::*

cpe:2.3:h:skyboxsecurity:skybox_view_appliance:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.exploit-db.com/exploits/33327
http://www.exploit-db.com/exploits/33328
http://www.osvdb.org/106842
http://www.securityfocus.com/bid/67352
https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-17T19:00:00

Updated: 2024-08-06T09:58:16.269Z

Reserved: 2014-02-19T00:00:00

Link: CVE-2014-2084

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-05-17T19:55:03.167

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-2084

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-12T00:00:00", "descriptions": [{"lang": "en", "value": "Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-10T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33327", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/33327"}, {"name": "106842", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/106842"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf"}, {"name": "33328", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/33328"}, {"name": "67352", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67352"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2084", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33327", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33327"}, {"name": "106842", "refsource": "OSVDB", "url": "http://www.osvdb.org/106842"}, {"name": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf", "refsource": "CONFIRM", "url": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf"}, {"name": "33328", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/33328"}, {"name": "67352", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67352"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:58:16.269Z"}, "title": "CVE Program Container", "references": [{"name": "33327", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/33327"}, {"name": "106842", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/106842"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf"}, {"name": "33328", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/33328"}, {"name": "67352", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/67352"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2084", "datePublished": "2014-05-17T19:00:00", "dateReserved": "2014-02-19T00:00:00", "dateUpdated": "2024-08-06T09:58:16.269Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.31-2.14:*:*:*:*:*:*:*", "matchCriteriaId": "CEBA4FB7-9E0B-413D-9775-A03471A39BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.3.33-2.14:*:*:*:*:*:*:*", "matchCriteriaId": "14422066-583B-4B1D-80EE-E19A563A1252", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.42-2.54:*:*:*:*:*:*:*", "matchCriteriaId": "CF8F150D-CF01-442F-8CEA-BF27F1C7E79A", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.45-2.56:*:*:*:*:*:*:*", "matchCriteriaId": "4784E375-5E62-4619-8988-088D1BD99BD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:skyboxsecurity:skybox_view_appliance_iso:6.4.46-2.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E9D72E4-E263-468C-B610-0C96D1E256DC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:skyboxsecurity:skybox_view_appliance:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B2AE329-25C6-457C-A904-78742EA1FAC1", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown."}, {"lang": "es", "value": "Skybox View Appliances con ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56 y 6.4.46-2.57 no restringe debidamente acceso a la interfaz de administraci\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de solicitudes hacia (1) scripts/commands/getSystemInformation o (2) scripts/commands/getNetworkConfigurationInfo, causar una denegaci\u00f3n de servicio (reinicio) a trav\u00e9s de una solicitud hacia scripts/commands/reboot o causar una denegaci\u00f3n de servicio (apagado) a trav\u00e9s de una solicitud hacia scripts/commands/shutdown."}], "id": "CVE-2014-2084", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-17T19:55:03.167", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33327"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33328"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/106842"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67352"}, {"source": "cve@mitre.org", "url": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/33328"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/106842"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf\n", "lastModified": "2014-06-09T08:16:38.643", "organization": "Skybox Security"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}