CVE-2014-2084
published 2014-05-17CVE-2014-2084: Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface…
PriorityP347high8.5CVSS 2.0
AVNACLAuNCPINAC
EXPLOIT
EPSS
4.45%
90.2th percentile
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skyboxsecurity | skybox_view_appliance_iso | — | — |
| skyboxsecurity | skybox_view_appliance_iso | — | — |
| skyboxsecurity | skybox_view_appliance_iso | — | — |
| skyboxsecurity | skybox_view_appliance_iso | — | — |
| skyboxsecurity | skybox_view_appliance_iso | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures
exploitdb·2014-05-12·CVSS 8.5
CVE-2014-2084 [HIGH] Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures
Skybox Security 6.3.x < 6.4.x - Multiple Information Disclosures
---
# Exploit Title: [SKYBOX Security – Multiple
Information Disclosure]
# Date: [22-Jan-2014]
# Exploit Author: [Luigi Vezzoso]
# Vendor Homepage: [http://www.skyboxsecurity.com]
# Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14,
6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57]
# Tested on: [Centos 6.4 kernel 2.6.32]
# CVE : [CVE-2014-2084]
#OVERVIEW
A vulnerability has been found in some Skybox View Appliances’ Admin
interfaces which would allow a potential malicious party to bypass
the authentication mechanism and obtain read-only access to the
appliance’s administrative menus. This would allow the malicious
party to read system-related information such as interface names, IP
addresses and the applia
Exploit-DB
Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities
exploitdb·2014-05-12·CVSS 8.5
CVE-2014-2085 [HIGH] Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities
Skybox Security 6.3.x < 6.4.x - Multiple Denial of Service Vulnerabilities
---
# Exploit Title: [SKYBOX Security - DDOS]
# Date: [22-Jan-2014]
# Exploit Author: [Luigi Vezzoso]
# Vendor Homepage: [http://www.skyboxsecurity.com]
# Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14,
6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57]
# Tested on: [Centos 6.4 kernel 2.6.32]
# CVE : [CVE-2014-2085]
#OVERVIEW
A vulnerability has been found in some Skybox View Appliances’ Admin
interfaces which would allow a potential malicious party to bypass
the authentication mechanism and execute reboot and/or shutdown of
appliance self
#INTRODUCTION
Skybox Security has a complete portfolio of security management
tools that deliver the security intelligence needed to act fast to
minimize ri
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/33327http://www.exploit-db.com/exploits/33328http://www.osvdb.org/106842http://www.securityfocus.com/bid/67352https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdfhttp://www.exploit-db.com/exploits/33327http://www.exploit-db.com/exploits/33328http://www.osvdb.org/106842http://www.securityfocus.com/bid/67352https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf
2014-05-17
Published