Sign-up

ID

VAR-201406-0328


CVE

CVE-2014-3048


TITLE

IBM System Storage Virtualization Engine TS7700 Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2014-002796

DESCRIPTION

Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command. The IBM Virtualization Engine integrates IBM servers, disks and tape into an integrated product that simplifies the backup/recovery process to protect critical customer data and provide business continuity through fast recovery. Unprivileged users can invoke privileged commands via SSH, allowing an attacker to exploit the vulnerability to send all administrative commands. Local attackers may exploit this issue to gain elevated privileges. The product supports creation of multiple virtual tape volumes, data backup and recovery, cache encryption, and more

Trust: 2.52

sources: NVD: CVE-2014-3048 // JVNDB: JVNDB-2014-002796 // CNVD: CNVD-2014-03652 // BID: 67942 // VULHUB: VHN-70987

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03652

AFFECTED PRODUCTS

vendor:ibmmodel:system storage virtualization engine ts7700scope:eqversion: -

Trust: 2.6

vendor:ibmmodel:virtualization engine ts7700scope: - version: -

Trust: 1.6

vendor:ibmmodel:system storage virtualization engine ts7700scope: - version: -

Trust: 0.6

vendor:ibmmodel:virtualization engine ts7700scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2014-03652 // BID: 67942 // JVNDB: JVNDB-2014-002796 // CNNVD: CNNVD-201406-111 // NVD: CVE-2014-3048

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-3048
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-3048
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-03652
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201406-111
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70987
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-3048
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-03652
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70987
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-03652 // VULHUB: VHN-70987 // JVNDB: JVNDB-2014-002796 // CNNVD: CNNVD-201406-111 // NVD: CVE-2014-3048

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2014-3048

THREAT TYPE

local

Trust: 0.9

sources: BID: 67942 // CNNVD: CNNVD-201406-111

TYPE

Design Error

Trust: 0.3

sources: BID: 67942

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-002796

PATCH
title:S1004653url:http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004653
Trust: 0.8
title:IBM Virtualization Engine TS7700 patch for insufficient SSH user limit vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/46400
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-03652 // 
            
            
            
            JVNDB: JVNDB-2014-002796

EXTERNAL IDS
db:NVDid:CVE-2014-3048
Trust: 3.4
db:BIDid:67942
Trust: 1.4
db:JVNDBid:JVNDB-2014-002796
Trust: 0.8
db:CNNVDid:CNNVD-201406-111
Trust: 0.7
db:CNVDid:CNVD-2014-03652
Trust: 0.6
db:XFid:93434
Trust: 0.6
db:XFid:7700
Trust: 0.6
db:VULHUBid:VHN-70987
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-03652 // 
            
            
            
            VULHUB: VHN-70987 // 
            
            
            
            BID: 67942 // 
            
            
            
            JVNDB: JVNDB-2014-002796 // 
            
            
            
            CNNVD: CNNVD-201406-111 // 
            
            
            
            NVD: CVE-2014-3048

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004653
Trust: 2.3
url:http://www.securityfocus.com/bid/67942
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/93434
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3048
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3048
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/93434
Trust: 0.6
url:http://www.ibm.com/
Trust: 0.3
url:https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004653
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-03652 // 
            
            
            
            VULHUB: VHN-70987 // 
            
            
            
            BID: 67942 // 
            
            
            
            JVNDB: JVNDB-2014-002796 // 
            
            
            
            CNNVD: CNNVD-201406-111 // 
            
            
            
            NVD: CVE-2014-3048

CREDITS
IBM
Trust: 0.3
sources:
            
            
            BID: 67942

SOURCES
db:CNVDid:CNVD-2014-03652
db:VULHUBid:VHN-70987
db:BIDid:67942
db:JVNDBid:JVNDB-2014-002796
db:CNNVDid:CNNVD-201406-111
db:NVDid:CVE-2014-3048

LAST UPDATE DATE
2025-04-13T23:12:57.354000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-03652date:2014-06-13T00:00:00
db:VULHUBid:VHN-70987date:2017-08-29T00:00:00
db:BIDid:67942date:2014-06-04T00:00:00
db:JVNDBid:JVNDB-2014-002796date:2014-06-10T00:00:00
db:CNNVDid:CNNVD-201406-111date:2014-06-10T00:00:00
db:NVDid:CVE-2014-3048date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-03652date:2014-06-13T00:00:00
db:VULHUBid:VHN-70987date:2014-06-08T00:00:00
db:BIDid:67942date:2014-06-04T00:00:00
db:JVNDBid:JVNDB-2014-002796date:2014-06-10T00:00:00
db:CNNVDid:CNNVD-201406-111date:2014-06-10T00:00:00
db:NVDid:CVE-2014-3048date:2014-06-08T23:55:02.570