Details of VAR-201410-0377

ID

VAR-201410-0377

CVE

CVE-2014-4870

TITLE

Brocade Vyatta 5400 vRouter contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#111588

DESCRIPTION

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The vulnerability is caused by the program not validating the parameters correctly. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7

Trust: 3.33

sources: NVD: CVE-2014-4870 // CERT/CC: VU#111588 // JVNDB: JVNDB-2014-004565 // CNVD: CNVD-2014-06609 // BID: 70226 // VULHUB: VHN-72811 // VULMON: CVE-2014-4870

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-06609

AFFECTED PRODUCTS

vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.6	Trust: 1.6
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.7	Trust: 1.6
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.4	Trust: 1.6
vendor:	brocade	model:	vyatta 5400 vrouter	scope:	eq	version:	-	Trust: 1.0
vendor:	brocade	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter	scope:	-	version:	-	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.4r(x)	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.6r(x)	Trust: 0.8
vendor:	brocade	model:	vyatta 5400 vrouter software	scope:	eq	version:	6.7r1	Trust: 0.8
vendor:	brocade	model:	vyatta vrouter 6.4r	scope:	eq	version:	5400	Trust: 0.6
vendor:	brocade	model:	vyatta vrouter 6.6r	scope:	eq	version:	5400	Trust: 0.6
vendor:	brocade	model:	vyatta vrouter 6.7r1	scope:	eq	version:	5400	Trust: 0.6

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06609 // JVNDB: JVNDB-2014-004565 // CNNVD: CNNVD-201410-132 // NVD: CVE-2014-4870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4870
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-4870
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06609
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201410-132
value:	HIGH
Trust: 0.6
VULHUB:	VHN-72811
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-4870
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-4870
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2014-06609
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-72811
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-06609 // VULHUB: VHN-72811 // VULMON: CVE-2014-4870 // JVNDB: JVNDB-2014-004565 // CNNVD: CNNVD-201410-132 // NVD: CVE-2014-4870

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-72811 // JVNDB: JVNDB-2014-004565 // NVD: CVE-2014-4870

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201410-132

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201410-132

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004565

PATCH

title:	Brocade Vyatta 5400 vRouter	url:	http://www.brocadejapan.com/products/network-functions-virtualization/5400-vrouter/overview	Trust: 0.8
title:	TSB 2014-197-A	url:	http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-vyatta-5400-vrouter-low-risk-vulnerabilities.pdf	Trust: 0.8

sources: JVNDB: JVNDB-2014-004565

EXTERNAL IDS

db:	CERT/CC	id:	VU#111588	Trust: 4.3
db:	NVD	id:	CVE-2014-4870	Trust: 3.5
db:	BID	id:	70226	Trust: 0.9
db:	JVN	id:	JVNVU98637322	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004565	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-132	Trust: 0.7
db:	CNVD	id:	CNVD-2014-06609	Trust: 0.6
db:	VULHUB	id:	VHN-72811	Trust: 0.1
db:	VULMON	id:	CVE-2014-4870	Trust: 0.1

sources: CERT/CC: VU#111588 // CNVD: CNVD-2014-06609 // VULHUB: VHN-72811 // VULMON: CVE-2014-4870 // BID: 70226 // JVNDB: JVNDB-2014-004565 // CNNVD: CNNVD-201410-132 // NVD: CVE-2014-4870

REFERENCES

url:	http://www.kb.cert.org/vuls/id/111588	Trust: 3.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4870	Trust: 1.4
url:	http://www.brocade.com/index.page	Trust: 1.1
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4870	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98637322/index.html	Trust: 0.8
url:	http://www.brocade.com/products/all/network-functions-virtualization/product-details/5400-vrouter/index.page	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

CREDITS

Owen Shearing

Trust: 0.3

sources: BID: 70226

SOURCES

db:	CERT/CC	id:	VU#111588
db:	CNVD	id:	CNVD-2014-06609
db:	VULHUB	id:	VHN-72811
db:	VULMON	id:	CVE-2014-4870
db:	BID	id:	70226
db:	JVNDB	id:	JVNDB-2014-004565
db:	CNNVD	id:	CNNVD-201410-132
db:	NVD	id:	CVE-2014-4870

LAST UPDATE DATE

2025-04-13T23:25:22.124000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#111588	date:	2014-10-03T00:00:00
db:	CNVD	id:	CNVD-2014-06609	date:	2014-10-11T00:00:00
db:	VULHUB	id:	VHN-72811	date:	2014-10-07T00:00:00
db:	VULMON	id:	CVE-2014-4870	date:	2014-10-07T00:00:00
db:	BID	id:	70226	date:	2014-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-004565	date:	2014-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201410-132	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-4870	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#111588	date:	2014-10-03T00:00:00
db:	CNVD	id:	CNVD-2014-06609	date:	2014-10-11T00:00:00
db:	VULHUB	id:	VHN-72811	date:	2014-10-07T00:00:00
db:	VULMON	id:	CVE-2014-4870	date:	2014-10-07T00:00:00
db:	BID	id:	70226	date:	2014-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2014-004565	date:	2014-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201410-132	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-4870	date:	2014-10-07T10:55:04.387