ID

VAR-201410-0375


CVE

CVE-2014-4868


TITLE

Brocade Vyatta 5400 vRouter contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#111588

DESCRIPTION

The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities.

Brocade Vyatta 5400 vRouter is a Brocade product that provides a series of network function virtualization (NFV) solutions. It enables organizations to build advanced, multi-layered networks in a virtualized environment and to add, configure, and move network services as needed.

Brocade Vyatta 5400 vRouter fails to properly handle user-submitted backtick (`) characters, allowing remote attackers to submit specially crafted requests that inject and execute OS commands. The issues are:

1. A command-injection vulnerability
2. A security-bypass vulnerability
3. A remote code-execution vulnerability

An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information, and execute script code and shell commands with root privileges. This may aid in further attacks.

The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7.

Trust: 3.24

sources: NVD: CVE-2014-4868 // CERT/CC: VU#111588 // JVNDB: JVNDB-2014-004563 // CNVD: CNVD-2014-06610 // BID: 70226 // VULHUB: VHN-72809

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06610

AFFECTED PRODUCTS

vendor: brocade, model: vyatta 5400 vrouter software, scope: eq, version: 6.6

Trust: 1.6

vendor: brocade, model: vyatta 5400 vrouter software, scope: eq, version: 6.7

Trust: 1.6

vendor: brocade, model: vyatta 5400 vrouter software, scope: eq, version: 6.4

Trust: 1.6

vendor: brocade, model: vyatta 5400 vrouter, scope: eq, version: -

Trust: 1.0

vendor: brocade, model: -, scope: -, version: -

Trust: 0.8

vendor: brocade, model: vyatta 5400 vrouter, scope: -, version: -

Trust: 0.8

vendor: brocade, model: vyatta 5400 vrouter software, scope: eq, version: 6.4r(x)

Trust: 0.8

vendor: brocade, model: vyatta 5400 vrouter software, scope: eq, version: 6.6r(x)

Trust: 0.8

vendor: brocade, model: vyatta 5400 vrouter software, scope: eq, version: 6.7r1

Trust: 0.8

vendor: brocade, model: vyatta vrouter 6.4r, scope: eq, version: 5400

Trust: 0.6

vendor: brocade, model: vyatta vrouter 6.6r, scope: eq, version: 5400

Trust: 0.6

vendor: brocade, model: vyatta vrouter 6.7r1, scope: eq, version: 5400

Trust: 0.6

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06610 // JVNDB: JVNDB-2014-004563 // CNNVD: CNNVD-201410-130 // NVD: CVE-2014-4868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4868
value: HIGH

Trust: 1.0

NVD: CVE-2014-4868
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-06610
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201410-130
value: CRITICAL

Trust: 0.6

VULHUB: VHN-72809
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-4868
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06610
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-72809
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-06610 // VULHUB: VHN-72809 // JVNDB: JVNDB-2014-004563 // CNNVD: CNNVD-201410-130 // NVD: CVE-2014-4868

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-72809 // JVNDB: JVNDB-2014-004563 // NVD: CVE-2014-4868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-130

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201410-130

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004563

PATCH

title: Brocade Vyatta 5400 vRouter, url: http://www.brocadejapan.com/products/network-functions-virtualization/5400-vrouter/overview

Trust: 0.8

title: TSB 2014-197-A, url: http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-vyatta-5400-vrouter-low-risk-vulnerabilities.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2014-004563

EXTERNAL IDS

db: CERT/CC, id: VU#111588

Trust: 4.2

db: NVD, id: CVE-2014-4868

Trust: 3.4

db: BID, id: 70226

Trust: 0.9

db: JVN, id: JVNVU98637322

Trust: 0.8

db: JVNDB, id: JVNDB-2014-004563

Trust: 0.8

db: CNNVD, id: CNNVD-201410-130

Trust: 0.7

db: CNVD, id: CNVD-2014-06610

Trust: 0.6

db: VULHUB, id: VHN-72809

Trust: 0.1

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06610 // VULHUB: VHN-72809 // BID: 70226 // JVNDB: JVNDB-2014-004563 // CNNVD: CNNVD-201410-130 // NVD: CVE-2014-4868

REFERENCES

url:http://www.kb.cert.org/vuls/id/111588

Trust: 3.4

url:http://www.brocade.com/index.page

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4868

Trust: 0.8

url:http://jvn.jp/vu/jvnvu98637322/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4868

Trust: 0.8

url:http://www.brocade.com/products/all/network-functions-virtualization/product-details/5400-vrouter/index.page

Trust: 0.3

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06610 // VULHUB: VHN-72809 // BID: 70226 // JVNDB: JVNDB-2014-004563 // CNNVD: CNNVD-201410-130 // NVD: CVE-2014-4868

CREDITS

Owen Shearing

Trust: 0.3

sources: BID: 70226

SOURCES

db: CERT/CC, id: VU#111588
db: CNVD, id: CNVD-2014-06610
db: VULHUB, id: VHN-72809
db: BID, id: 70226
db: JVNDB, id: JVNDB-2014-004563
db: CNNVD, id: CNNVD-201410-130
db: NVD, id: CVE-2014-4868

LAST UPDATE DATE

2025-04-13T23:25:22.164000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#111588, date: 2014-10-03T00:00:00
db: CNVD, id: CNVD-2014-06610, date: 2014-10-11T00:00:00
db: VULHUB, id: VHN-72809, date: 2014-10-07T00:00:00
db: BID, id: 70226, date: 2014-10-03T00:00:00
db: JVNDB, id: JVNDB-2014-004563, date: 2014-10-08T00:00:00
db: CNNVD, id: CNNVD-201410-130, date: 2014-10-14T00:00:00
db: NVD, id: CVE-2014-4868, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CERT/CC, id: VU#111588, date: 2014-10-03T00:00:00
db: CNVD, id: CNVD-2014-06610, date: 2014-10-11T00:00:00
db: VULHUB, id: VHN-72809, date: 2014-10-07T00:00:00
db: BID, id: 70226, date: 2014-10-03T00:00:00
db: JVNDB, id: JVNDB-2014-004563, date: 2014-10-08T00:00:00
db: CNNVD, id: CNNVD-201410-130, date: 2014-10-14T00:00:00
db: NVD, id: CVE-2014-4868, date: 2014-10-07T10:55:04.290