Vulnerability Note VU#111588
Brocade Vyatta 5400 vRouter contains multiple vulnerabilities
Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities.
Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain the following vulnerabilities:
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - CVE-2014-4868
An authenticated, unprivileged user may be able to run arbitrary operating system commands, access files containing sensitive information, and escalate privileges to those of a root user.
Brocade does not plan to release a patch for these vulnerabilities at this time. The Brocade Technical Advisory TSB 2014-197-A suggests the following workarounds:
Administrators are advised of the following:
Vendor Information
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Brocade|Affected|07 Aug 2014|01 Oct 2014|
CVSS Metrics
7Safe would like to credit Owen Shearing for discovering these vulnerabilities.
This document was written by Todd Lewellen.
- CVE IDs: CVE-2014-4868 CVE-2014-4869 CVE-2014-4870
- Date Public: 03 Oct 2014
- Date First Published: 03 Oct 2014
- Date Last Updated: 03 Oct 2014
- Document Revision: 18