Details of VAR-201410-1299

ID

VAR-201410-1299

CVE

CVE-2014-2646

TITLE

HP Network Automati Security Bypass Vulnerability

Trust: 0.8

sources: IVD: ca8e4fa0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06689

DESCRIPTION

Unspecified vulnerability in HP Network Automation 9.10 and 9.20 allows local users to bypass intended access restrictions via unknown vectors. HP Network Automation is an automated network configuration management tool. HP Network Automati has a security bypass vulnerability. An attacker could exploit this vulnerability to bypass certain security restrictions

Trust: 2.61

sources: NVD: CVE-2014-2646 // JVNDB: JVNDB-2014-004641 // CNVD: CNVD-2014-06689 // BID: 77997 // IVD: ca8e4fa0-2351-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:	['IoT', 'ICS']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: ca8e4fa0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06689

AFFECTED PRODUCTS

vendor:	hp	model:	network automation	scope:	eq	version:	9.10	Trust: 2.5
vendor:	hp	model:	network automation	scope:	eq	version:	9.20	Trust: 2.5
vendor:	hewlett packard	model:	hp network automation	scope:	eq	version:	9.10	Trust: 0.8
vendor:	hewlett packard	model:	hp network automation	scope:	eq	version:	9.20	Trust: 0.8
vendor:	network automation	model:	-	scope:	eq	version:	9.10	Trust: 0.2
vendor:	network automation	model:	-	scope:	eq	version:	9.20	Trust: 0.2

sources: IVD: ca8e4fa0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06689 // BID: 77997 // JVNDB: JVNDB-2014-004641 // CNNVD: CNNVD-201410-189 // NVD: CVE-2014-2646

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2646
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2646
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-06689
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201410-189
value:	HIGH
Trust: 0.6
IVD:	ca8e4fa0-2351-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2014-2646
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-06689
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	ca8e4fa0-2351-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: ca8e4fa0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06689 // JVNDB: JVNDB-2014-004641 // CNNVD: CNNVD-201410-189 // NVD: CVE-2014-2646

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2014-004641 // NVD: CVE-2014-2646

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201410-189

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201410-189

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004641

PATCH

title:	HPSBMU03123 SSRT101427	url:	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c04470581	Trust: 0.8
title:	Patch for HP Network Automati Security Bypass Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/50847	Trust: 0.6
title:	HP Network Automation Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99576	Trust: 0.6

sources: CNVD: CNVD-2014-06689 // JVNDB: JVNDB-2014-004641 // CNNVD: CNNVD-201410-189

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2646	Trust: 3.5
db:	CNVD	id:	CNVD-2014-06689	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-189	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004641	Trust: 0.8
db:	BID	id:	77997	Trust: 0.3
db:	IVD	id:	CA8E4FA0-2351-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: ca8e4fa0-2351-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-06689 // BID: 77997 // JVNDB: JVNDB-2014-004641 // CNNVD: CNNVD-201410-189 // NVD: CVE-2014-2646

REFERENCES

url:	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04470581	Trust: 1.9
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2646	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2646	Trust: 0.8

sources: CNVD: CNVD-2014-06689 // BID: 77997 // JVNDB: JVNDB-2014-004641 // CNNVD: CNNVD-201410-189 // NVD: CVE-2014-2646

CREDITS

Unknown

Trust: 0.3

sources: BID: 77997

SOURCES

db:	IVD	id:	ca8e4fa0-2351-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2014-06689
db:	BID	id:	77997
db:	JVNDB	id:	JVNDB-2014-004641
db:	CNNVD	id:	CNNVD-201410-189
db:	NVD	id:	CVE-2014-2646

LAST UPDATE DATE

2025-04-12T23:34:06.082000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-06689	date:	2014-10-14T00:00:00
db:	BID	id:	77997	date:	2014-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004641	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-189	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2014-2646	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	IVD	id:	ca8e4fa0-2351-11e6-abef-000c29c66e3d	date:	2014-10-14T00:00:00
db:	CNVD	id:	CNVD-2014-06689	date:	2014-10-14T00:00:00
db:	BID	id:	77997	date:	2014-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2014-004641	date:	2014-10-14T00:00:00
db:	CNNVD	id:	CNNVD-201410-189	date:	2014-10-14T00:00:00
db:	NVD	id:	CVE-2014-2646	date:	2014-10-10T01:55:08.040