cbcvebase.
CVE-2014-0104
published 2020-01-02

CVE-2014-0104: In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle…

PriorityP427medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
0.83%
53.1th percentile
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.

Affected

7 ranges
VendorProductVersion rangeFixed in
clusterlabsfence-agents< 4.0.174.0.17
debianfence-agents< fence-agents 4.0.17-1 (bookworm)fence-agents 4.0.17-1 (bookworm)
fence-agentsfence-agents
fence-agentsfence-agents>= 0 < 4.0.17-14.0.17-1
fence-agentsfence-agents>= 0 < 4.0.17-14.0.17-1
fence-agentsfence-agents>= 0 < 4.0.17-14.0.17-1
fence-agentsfence-agents>= 0 < 4.0.17-14.0.17-1

CVSS provenance

nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.9MEDIUM
vendor_debian5.9LOW
vendor_redhat5.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.