CVE-2014-3418
published 2014-07-15


Priority: P2 (69)
Severity: critical, CVSS 2.0 base score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploit: public exploit available
EPSS: 7.17% (93.5th percentile)
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.

Affected (6 ranges)

Vendor     Product   Version range   Fixed in
infoblox   netmri    <= 6.8.4

(The remaining five ranges carry no version data on this page.)

Detection & IOCs (extracted from sources)

  • path: config/userAdmin/login.tdf
  • path: netmri/config/userAdmin/login.tdf
  • command: admin`ping -n 20 127.0.0.1`
  • filename: v6.X-NETMRI-20710.gpg
  • Monitor HTTP POST requests to the path 'netmri/config/userAdmin/login.tdf' for shell metacharacters (backticks, semicolons, pipes, etc.) in the 'skipjackUsername' parameter; their presence indicates exploitation of this unauthenticated OS command injection.
  • The public exploit sends a multipart/form-data POST; inspect the POST body for a 'skipjackUsername' field containing backtick-wrapped OS commands (e.g., `ping`, `wget`, `curl`) as the key injection pattern.
  • The attack requires no authentication, so any POST to the login endpoint with shell metacharacters in skipjackUsername should be treated as a high-severity exploitation attempt.
  • A public Metasploit module exists for this CVE at https://github.com/depthsecurity/NetMRI-2014-3418; correlate IDS/WAF alerts with known Metasploit user-agent strings or request patterns when investigating hits on this endpoint.
  • Affected versions span a wide range (6.4.X.X through 6.8.4.X); ensure version fingerprinting covers this full range when scanning for vulnerable Infoblox NetMRI, Switch Port Manager, Automation Change Manager, and Security Device Controller appliances.
  • The vulnerability is present across multiple licensed product names on the same platform; detection rules should not be scoped only to 'NetMRI' but also to Switch Port Manager, Automation Change Manager, and Security Device Controller.
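The detection rule described in the bullets above, written out as an added example (not code from this page or from Infoblox): it parses a multipart/form-data POST to the login path, pulls out the skipjackUsername field and flags shell metacharacters. The sample requests, the boundary string and the helper names are constructed for this example.

```python
import re
from email import message_from_bytes

# Request path fragment and form field named in the advisory for CVE-2014-3418.
LOGIN_PATH = "config/userAdmin/login.tdf"
FIELD = "skipjackUsername"

# Backticks, semicolons and pipes are named in the IOCs; the rest are other
# common command-chaining tokens that have no place in a username.
SHELL_META = re.compile(r"[`;|&$(){}<>]")


def parse_form(content_type: str, body: bytes) -> dict:
    """Return {field_name: value} for a multipart/form-data body.

    The stdlib email parser understands MIME multipart, so the body is wrapped
    in a minimal header block and the parser splits the parts for us.
    """
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    fields = {}
    for part in message_from_bytes(raw).walk():
        name = part.get_param("name", header="content-disposition")
        if name is not None and not part.is_multipart():
            value = part.get_payload(decode=True).decode(errors="replace")
            fields[name] = value.rstrip("\r\n")  # defensive: drop any kept EOL
    return fields


def inspect_request(method: str, path: str, content_type: str, body: bytes):
    """Return a finding string for a CVE-2014-3418 exploitation pattern, else None."""
    if method.upper() != "POST" or LOGIN_PATH not in path:
        return None
    if not content_type.lower().startswith("multipart/form-data"):
        return None
    value = parse_form(content_type, body).get(FIELD)
    if value is None:
        return None
    hits = sorted(set(SHELL_META.findall(value)))
    if not hits:
        return None
    return f"CVE-2014-3418 exploitation attempt: {FIELD}={value!r} metachars={hits}"


# Constructed sample traffic: a benign login and one carrying the IOC payload shape.
BOUNDARY = "----constructedBoundary"
CT = f"multipart/form-data; boundary={BOUNDARY}"


def form(**fields) -> bytes:
    """Build a constructed multipart/form-data body from keyword fields."""
    parts = [f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{k}"\r\n\r\n{v}\r\n'
             for k, v in fields.items()]
    return ("".join(parts) + f"--{BOUNDARY}--\r\n").encode()


BENIGN = form(skipjackUsername="admin", skipjackPassword="s3cret")
MALICIOUS = form(skipjackUsername="admin`ping -n 20 127.0.0.1`", skipjackPassword="x")

if __name__ == "__main__":
    for body in (BENIGN, MALICIOUS):
        print(inspect_request("POST", "/netmri/config/userAdmin/login.tdf", CT, body))
```

Feed it the method, path, Content-Type header and raw body from a proxy or packet-capture decoder; a non-None return is the high-severity alert the bullets describe.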