CVE-2014-6260 - Vulnerability Details - OpenCVE

Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zenoss	Zenoss Core

Configuration 1 [-]

OR	cpe:2.3:a:zenoss:zenoss_core::beta_3::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.4.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.4.5:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.5.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.5.1:::::::*
	cpe:2.3:a:zenoss:zenoss_core:2.5.2:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.1:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.2:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.0.3:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.1.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.2.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:3.2.1:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.3:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.4:::::::*
	cpe:2.3:a:zenoss:zenoss_core:4.2.5:::::::*
	cpe:2.3:a:zenoss:zenoss_core:5.0.0:::::::*
	cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1::::::
	cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2::::::

No data.

References

Link	Providers
http://www.kb.cert.org/vuls/id/449452
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-15T17:27:00

Updated: 2024-08-06T12:10:12.987Z

Reserved: 2014-09-05T00:00:00

Link: CVE-2014-6260

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-12-15T18:59:13.503

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-6260

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-12-13T04:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#449452", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6260", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#449452", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/449452"}, {"name": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing", "refsource": "CONFIRM", "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T12:10:12.987Z"}, "title": "CVE Program Container", "references": [{"name": "VU#449452", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-6260", "datePublished": "2014-12-15T17:27:00", "dateReserved": "2014-09-05T00:00:00", "dateUpdated": "2024-08-06T12:10:12.987Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zenoss:zenoss_core:*:beta_3:*:*:*:*:*:*", "matchCriteriaId": "E07C6E2D-EA8A-4676-BF15-00275D764503", "versionEndIncluding": "5.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "81B69C06-16CA-4A73-8EF8-3E2103D14438", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "33BCBA94-31A9-4B0B-943D-8BB31B552B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CD24A2C-C0B5-43B3-8F8E-7E72FF8B65B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F73AE1C8-8EF9-4AD2-88A9-5108B0B64D8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "B4C24942-BE6F-4BDF-8642-4458229F8995", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCCAE80F-40D6-44B4-8253-5A27B2A2E015", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "020D8B51-8378-4E4B-A72F-6B5C7ED9CEDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "84FFAAE5-E7EC-40D7-8BEC-335FB6A9EA56", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE2CE264-118C-4EE1-9454-7940B6EE7704", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "498262F4-FDA2-4FAD-A45A-1C0EE87F83FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAD8E20-EB1E-49E7-9620-539749F125C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B696A404-81CD-4F97-9C45-4E0667685BCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "B6F74787-A72A-4C79-8682-91DD6BE85E78", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "7803AA36-92DC-4362-AB99-99A06B1329EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "60BDF496-3032-48E2-AAE4-849488F308A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D37107EA-3F8B-44A3-BE8E-B8F8C6B5CB62", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C692049-A157-4783-B559-557E572FCE16", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_1:*:*:*:*:*:*", "matchCriteriaId": "38074012-8B78-42B6-B2F5-6BDB84517990", "vulnerable": true}, {"criteria": "cpe:2.3:a:zenoss:zenoss_core:5.0.0:beta_2:*:*:*:*:*:*", "matchCriteriaId": "05E299D7-0960-40FB-8B6F-A01A047F0A77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outage) by leveraging an unattended workstation, aka ZEN-15412."}, {"lang": "es", "value": "Zenoss Core hasta 5 Beta 3 no requiere una contrase\u00f1a para modificar la cadena de comandos del paginador, lo que permite a atacantes remotos ejecutar comandos arbitrarios o causar una denegaci\u00f3n de servicio (interrupci\u00f3n de paginaci\u00f3n) mediante el aprovechamiento de una estaci\u00f3n de trabajo desatendida, tambi\u00e9n conocido como ZEN-15412."}], "id": "CVE-2014-6260", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-12-15T18:59:13.503", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/449452"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Addressed in versions 5.1.1, 4.2.5.SP650, and 4.2.4.SP854", "lastModified": "2016-03-21T12:00:20.787", "organization": "Zenoss"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}