Sign-up

ID

VAR-201801-0079


CVE

CVE-2014-5070


TITLE

Symmetricom s350i Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2014-008463

DESCRIPTION

Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. Symmetricom s350i Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Microsemi Symmetricom s350i is a clock server of American Microsemi Company. A security vulnerability exists in Microsemi Symmetricom s350i version 2.70.15. A remote attacker could exploit this vulnerability to gain privileges

Trust: 1.71

sources: NVD: CVE-2014-5070 // JVNDB: JVNDB-2014-008463 // VULHUB: VHN-73011

AFFECTED PRODUCTS

vendor:microsemimodel:s350iscope:eqversion:2.70.15

Trust: 1.0

vendor:microsemimodel:symmetricom syncserver s350iscope:eqversion:2.70.15

Trust: 0.8

vendor:symmetricommodel:s350iscope:eqversion:2.70.15

Trust: 0.6

sources: JVNDB: JVNDB-2014-008463 // CNNVD: CNNVD-201801-432 // NVD: CVE-2014-5070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5070
value: HIGH

Trust: 1.0

NVD: CVE-2014-5070
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201801-432
value: HIGH

Trust: 0.6

VULHUB: VHN-73011
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-5070
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-73011
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-5070
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2014-5070
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-73011 // JVNDB: JVNDB-2014-008463 // CNNVD: CNNVD-201801-432 // NVD: CVE-2014-5070

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-73011 // JVNDB: JVNDB-2014-008463 // NVD: CVE-2014-5070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-432

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201801-432

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008463

PATCH
title:Top Pageurl:https://www.microsemi.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-008463

EXTERNAL IDS
db:NVDid:CVE-2014-5070
Trust: 2.5
db:JVNDBid:JVNDB-2014-008463
Trust: 0.8
db:CNNVDid:CNNVD-201801-432
Trust: 0.7
db:VULHUBid:VHN-73011
Trust: 0.1
sources:
            
            
            VULHUB: VHN-73011 // 
            
            
            
            JVNDB: JVNDB-2014-008463 // 
            
            
            
            CNNVD: CNNVD-201801-432 // 
            
            
            
            NVD: CVE-2014-5070

REFERENCES
url:https://www.portcullis.co.uk/security-research-and-downloads/security-advisories/cve-2014-5070/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5070
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2014-5070
Trust: 0.8
url:https://www.portcullis.co.uk/security-research-and-downloads/security-advisories/cve-2014-5070
Trust: 0.8
sources:
            
            
            VULHUB: VHN-73011 // 
            
            
            
            JVNDB: JVNDB-2014-008463 // 
            
            
            
            CNNVD: CNNVD-201801-432 // 
            
            
            
            NVD: CVE-2014-5070

SOURCES
db:VULHUBid:VHN-73011
db:JVNDBid:JVNDB-2014-008463
db:CNNVDid:CNNVD-201801-432
db:NVDid:CVE-2014-5070

LAST UPDATE DATE
2024-11-23T21:39:59.750000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-73011date:2018-01-29T00:00:00
db:JVNDBid:JVNDB-2014-008463date:2018-02-13T00:00:00
db:CNNVDid:CNNVD-201801-432date:2021-09-14T00:00:00
db:NVDid:CVE-2014-5070date:2024-11-21T02:11:21.437

SOURCES RELEASE DATE
db:VULHUBid:VHN-73011date:2018-01-11T00:00:00
db:JVNDBid:JVNDB-2014-008463date:2018-02-13T00:00:00
db:CNNVDid:CNNVD-201801-432date:2018-01-12T00:00:00
db:NVDid:CVE-2014-5070date:2018-01-11T16:29:00.377