CVE-2014-6433
Published 2014-10-07
CVE-2014-6433: gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action.
Priority: P3 · 52 · critical · 10 · CVSS 2.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
3.32%
87.1th percentile
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gopro | gopro_hero | — | — |
| gopro | gopro_hero_firmware | — | — |
| openstack | neutron | >= 0 < 1:2014.1-0ubuntu1.3 | 1:2014.1-0ubuntu1.3 |
CVSS provenance
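| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.6 | HIGH | — |
| vendor_redhat | — | 7.6 | HIGH | — |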
GHSA
GHSA-j255-whqq-vqp4: gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action
ghsa_unreviewed·2022-05-17
CVE-2014-6433 [HIGH] CWE-94 GHSA-j255-whqq-vqp4: gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via the (1) a1 or (2) a2 parameter in a start action
OSV
neutron vulnerabilities
osv·2014-06-25·CVSS 7.6
CVE-2013-6433 neutron vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron
did not properly set up its sudo configuration. If a different flaw was
found in OpenStack Neutron, this vulnerability could be used to escalate
privileges. (CVE-2013-6433)
Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in
OpenStack Neutron did not properly perform input validation when creating
security group rules when specifying --remote-ip-prefix. A remote
authenticated attacker could exploit this to prevent application of
additional rules. (CVE-2014-0187)
Thiago Martins discovered that OpenStack Neutron would inappropriately
apply SNAT rules to IPv6 subnets when using the L3-agent. A remote
authenticated attacker could exploit this to prevent floating IPv4
addre
Red Hat
openstack-neutron: regression of fix for CVE-2013-6433
vendor_redhat·2014-09-12·CVSS 7.6
CVE-2014-3632 [HIGH] openstack-neutron: regression of fix for CVE-2013-6433
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
It was discovered that the openstack-neutron package in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
Package: openstack-neutron (Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7) - Not affect
No detection rules found.
No public exploits indexed.
arXiv
Mission Aware Cyber-physical Security
arxiv_fulltext·2025-10-23
[1]Georgios Bakirtzis
[2]Bryan Carter
[3]Cody H. Fleming
[4]Carl R. Elks
[1]LTCI, Télécom Paris, Institut Polytechnique de Paris
[2]University of Virginia
[3]Iowa State University
[4]Virginia Commonwealth University
Cody Fleming PhD, Iowa State University, Ames, Iowa, 50011, USA
## Abstract
Perimeter cybersecurity, while essential, has proven insufficient against sophisticated, coordinated, and cyber-physical attacks. In contrast, mission-centric cybersecurity emphasizes finding evidence of attack impact on mission success, allowing for targeted resource allocation to mitigate vulnerabilities and protect critical assets. Mission Aware is a systems-theoretic cybersecurity analysis that identifies components which, if compromised,
Bugzilla
CVE-2014-3632 openstack-neutron: regression of fix for CVE-2013-6433
bugzilla·2014-09-12·CVSS 7.6
CVE-2014-3632 [HIGH] CVE-2014-3632 openstack-neutron: regression of fix for CVE-2013-6433
Issue Description:
It was discovered that the openstack-neutron package in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
Discussion:
This issue has been addressed in the following products:
OpenStack 5 for RHEL 6
Via RHSA-2014:1339 https://rhn.redhat.com/errata/RHSA-2014-1339.html
Bugzilla
CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
bugzilla·2013-12-10·CVSS 7.6
CVE-2013-6433 [HIGH] CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
Kashyap Chamarthy reports:
It's possible for Neutron (OpenStack networking) users to pass arbitrary
config files via rootwrap[*] which allows privilege escalation
by letting user add more exec directories, change configurations of
commands using rootwrap, log more than what needs to be done, etc.
Discussion:
Acknowledgements:
This issue was discovered by Kashyap Chamarthy of Red Hat.
---
This issue has been addressed in the following products:
OpenStack 4 for RHEL 6
Via RHSA-2014:0516 https://rhn.redhat.com/errata/RHSA-2014-0516.html