Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities.
Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain the following vulnerabilities:
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - CVE-2014-4868
An authenticated, unprivileged user may be able to run arbitrary operating system commands, access files containing sensitive information, and escalate privileges to those of a root user.
Brocade does not plan to release a patch for these vulnerabilities at this time. The Brocade Technical Advisory TSB 2014-197-A suggests the following workarounds:
Administrators are advised of the following:
7Safe would like to credit Owen Shearing for discovering these vulnerabilities.