Details of VAR-202006-1197

ID

VAR-202006-1197

CVE

CVE-2014-7174

TITLE

FarLinX X25 Gateway Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2014-008948

DESCRIPTION

FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature. FarSite Communications FarLinX X25 Gateway is a gateway product of FarSite Communications in the UK. The product has a browser interface, online statistical information set, connection log records, active session display, and status change alerts. The vulnerability stems from network systems or products failing to properly filter special elements in resources or file paths. Attackers can use this vulnerability to restrict access Location outside the directory

Trust: 2.25

sources: NVD: CVE-2014-7174 // JVNDB: JVNDB-2014-008948 // CNVD: CNVD-2020-36281 // VULMON: CVE-2014-7174

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-36281

AFFECTED PRODUCTS

vendor:	farsite	model:	farlinx x25 gateway	scope:	lte	version:	2014-09-25	Trust: 1.0
vendor:	farsite	model:	farlinx x25 gateway	scope:	eq	version:	2014/09/25	Trust: 0.8
vendor:	farsite	model:	communications farlinx gateway	scope:	eq	version:	x25<=2014-09-25	Trust: 0.6

sources: CNVD: CNVD-2020-36281 // JVNDB: JVNDB-2014-008948 // NVD: CVE-2014-7174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7174
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2014-008948
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-36281
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202006-039
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2014-7174
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-7174
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2014-008948
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-36281
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2014-7174
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	JVNDB-2014-008948
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-36281 // VULMON: CVE-2014-7174 // JVNDB: JVNDB-2014-008948 // CNNVD: CNNVD-202006-039 // NVD: CVE-2014-7174

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2014-008948 // NVD: CVE-2014-7174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-039

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202006-039

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008948

PATCH

title:

FarLinX X25 Gateway

url:

https://www.farsite.com/TCP_IP_X.25_Gateway/FarLinX_X.25_gateway.php

Trust: 0.8

sources: JVNDB: JVNDB-2014-008948

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7174	Trust: 3.1
db:	JVNDB	id:	JVNDB-2014-008948	Trust: 0.8
db:	CNVD	id:	CNVD-2020-36281	Trust: 0.6
db:	NSFOCUS	id:	47179	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-039	Trust: 0.6
db:	VULMON	id:	CVE-2014-7174	Trust: 0.1

sources: CNVD: CNVD-2020-36281 // VULMON: CVE-2014-7174 // JVNDB: JVNDB-2014-008948 // CNNVD: CNNVD-202006-039 // NVD: CVE-2014-7174

REFERENCES

url:	https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7174	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7174	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47179	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-36281 // VULMON: CVE-2014-7174 // JVNDB: JVNDB-2014-008948 // CNNVD: CNNVD-202006-039 // NVD: CVE-2014-7174

SOURCES

db:	CNVD	id:	CNVD-2020-36281
db:	VULMON	id:	CVE-2014-7174
db:	JVNDB	id:	JVNDB-2014-008948
db:	CNNVD	id:	CNNVD-202006-039
db:	NVD	id:	CVE-2014-7174

LAST UPDATE DATE

2024-11-23T23:11:24.429000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-36281	date:	2020-07-06T00:00:00
db:	VULMON	id:	CVE-2014-7174	date:	2020-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2014-008948	date:	2020-06-25T00:00:00
db:	CNNVD	id:	CNNVD-202006-039	date:	2020-07-17T00:00:00
db:	NVD	id:	CVE-2014-7174	date:	2024-11-21T02:16:27.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-36281	date:	2020-07-06T00:00:00
db:	VULMON	id:	CVE-2014-7174	date:	2020-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2014-008948	date:	2020-06-25T00:00:00
db:	CNNVD	id:	CNNVD-202006-039	date:	2020-06-01T00:00:00
db:	NVD	id:	CVE-2014-7174	date:	2020-06-01T17:15:11.900