Details of VAR-201410-0376

ID

VAR-201410-0376

CVE

CVE-2014-4869

TITLE

Brocade Vyatta 5400 vRouter contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#111588

DESCRIPTION

The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter Contains a vulnerability in which important encrypted password information can be obtained. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7

Trust: 3.24

sources: NVD: CVE-2014-4869 // CERT/CC: VU#111588 // JVNDB: JVNDB-2014-004564 // CNVD: CNVD-2014-06608 // BID: 70226 // VULHUB: VHN-72810

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06608

AFFECTED PRODUCTS

vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.6	Trust: 1.6
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.7	Trust: 1.6
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.4	Trust: 1.6
vendor:	brocade	model:	vyatta 5400 vrouter	scope:	eq	version:	-	Trust: 1.0
vendor:	brocade	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter	scope:	-	version:	-	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.4r(x)	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.6r(x)	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.7r1	Trust: 0.8
vendor:	brocade	model:	vyatta vrouter 6.4r	scope:	eq	version:	5400	Trust: 0.6
vendor:	brocade	model:	vyatta vrouter 6.6r	scope:	eq	version:	5400	Trust: 0.6
vendor:	brocade	model:	vyatta vrouter 6.7r1	scope:	eq	version:	5400	Trust: 0.6

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06608 // JVNDB: JVNDB-2014-004564 // CNNVD: CNNVD-201410-131 // NVD: CVE-2014-4869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4869
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4869
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-06608
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201410-131
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-72810
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-4869
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06608
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-72810
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06608 // VULHUB: VHN-72810 // JVNDB: JVNDB-2014-004564 // CNNVD: CNNVD-201410-131 // NVD: CVE-2014-4869

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-72810 // JVNDB: JVNDB-2014-004564 // NVD: CVE-2014-4869

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-131

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201410-131

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004564

PATCH

title:	Brocade Vyatta 5400 vRouter	url:	http://www.brocadejapan.com/products/network-functions-virtualization/5400-vrouter/overview	Trust: 0.8
title:	TSB 2014-197-A	url:	http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-vyatta-5400-vrouter-low-risk-vulnerabilities.pdf	Trust: 0.8

sources: JVNDB: JVNDB-2014-004564

EXTERNAL IDS

db:	CERT/CC	id:	VU#111588	Trust: 4.2
db:	NVD	id:	CVE-2014-4869	Trust: 3.4
db:	BID	id:	70226	Trust: 0.9
db:	JVN	id:	JVNVU98637322	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004564	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-131	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06608	Trust: 0.6
db:	VULHUB	id:	VHN-72810	Trust: 0.1

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06608 // VULHUB: VHN-72810 // BID: 70226 // JVNDB: JVNDB-2014-004564 // CNNVD: CNNVD-201410-131 // NVD: CVE-2014-4869

REFERENCES

url:	http://www.kb.cert.org/vuls/id/111588	Trust: 3.4
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4869	Trust: 1.4
url:	http://www.brocade.com/index.page	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4869	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98637322/index.html	Trust: 0.8
url:	http://www.brocade.com/products/all/network-functions-virtualization/product-details/5400-vrouter/index.page	Trust: 0.3

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06608 // VULHUB: VHN-72810 // BID: 70226 // JVNDB: JVNDB-2014-004564 // CNNVD: CNNVD-201410-131 // NVD: CVE-2014-4869

CREDITS

Owen Shearing

Trust: 0.3

sources: BID: 70226

SOURCES

db:	CERT/CC	id:	VU#111588
db:	CNVD	id:	CNVD-2014-06608
db:	VULHUB	id:	VHN-72810
db:	BID	id:	70226
db:	JVNDB	id:	JVNDB-2014-004564
db:	CNNVD	id:	CNNVD-201410-131
db:	NVD	id:	CVE-2014-4869

LAST UPDATE DATE

2025-04-13T23:25:22.201000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#111588	date:	2014-10-03T00:00:00
db:	CNVD	id:	CNVD-2014-06608	date:	2014-10-11T00:00:00
db:	VULHUB	id:	VHN-72810	date:	2014-10-07T00:00:00
db:	BID	id:	70226	date:	2014-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-004564	date:	2014-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201410-131	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-4869	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#111588	date:	2014-10-03T00:00:00
db:	CNVD	id:	CNVD-2014-06608	date:	2014-10-09T00:00:00
db:	VULHUB	id:	VHN-72810	date:	2014-10-07T00:00:00
db:	BID	id:	70226	date:	2014-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-004564	date:	2014-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201410-131	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-4869	date:	2014-10-07T10:55:04.337