ID

VAR-201406-0471


TITLE

Onnto RAID Master Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 68062 // CNNVD: CNNVD-201406-362

DESCRIPTION

Onnto RAID Master is GUI software from Onnto for managing the DataTale SMART Thunderbolt RAID system (a disk array system). Onnto RAID Master has an access bypass vulnerability, a command injection vulnerability, and a cross-site request forgery vulnerability. Attackers can exploit these vulnerabilities to perform administrator operations, execute arbitrary shell commands, and read or modify data. Onnto RAID Master is prone to the following security vulnerabilities:
1. An access-bypass vulnerability.
2. Multiple command injection vulnerabilities.
3. Other attacks are also possible.

Trust: 1.35

sources: CNVD: CNVD-2014-03799 // CNNVD: CNNVD-201406-362 // BID: 68062

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-03799

AFFECTED PRODUCTS

vendor: onnto, model: raid master raid master rev358 for os, scope: eq, version: x

Trust: 0.6

vendor: onnto, model: raid master, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2014-03799 // BID: 68062

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-03799
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-03799
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-03799

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-362

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 68062

EXTERNAL IDS

db: BID, id: 68062

Trust: 1.5

db: CNVD, id: CNVD-2014-03799

Trust: 0.6

db: CNNVD, id: CNNVD-201406-362

Trust: 0.6

sources: CNVD: CNVD-2014-03799 // BID: 68062 // CNNVD: CNNVD-201406-362

REFERENCES

url: http://seclists.org/fulldisclosure/2014/jun/85

Trust: 0.6

url: http://www.securityfocus.com/bid/68062

Trust: 0.6

url: http://www.onnto.com.tw

Trust: 0.3

sources: CNVD: CNVD-2014-03799 // BID: 68062 // CNNVD: CNNVD-201406-362

CREDITS

Reed Black

Trust: 0.9

sources: BID: 68062 // CNNVD: CNNVD-201406-362

SOURCES

db: CNVD, id: CNVD-2014-03799
db: BID, id: 68062
db: CNNVD, id: CNNVD-201406-362

LAST UPDATE DATE

2022-05-17T02:10:37.956000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-03799, date: 2014-06-20T00:00:00
db: BID, id: 68062, date: 2014-06-16T00:00:00
db: CNNVD, id: CNNVD-201406-362, date: 2014-06-19T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-03799, date: 2014-06-20T00:00:00
db: BID, id: 68062, date: 2014-06-16T00:00:00
db: CNNVD, id: CNNVD-201406-362, date: 2014-06-19T00:00:00