CVE Vulnerabilities

CVE-2014-4867

Published: Oct 10, 2014 | Modified: Oct 15, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:L/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo-mgmt program.

Affected Software

Name Vendor Start Version End Version
Cryoserver_security_appliance Cryoserver 7.3.0 7.3.0
Cryoserver_security_appliance Cryoserver 7.3.2 7.3.2
Cryoserver_security_appliance Cryoserver 7.3.3 7.3.3
Cryoserver_security_appliance Cryoserver 7.3.1 7.3.1
Cryoserver_security_appliance Cryoserver 7.3.1 7.3.1
Cryoserver_security_appliance Cryoserver 7.3.0 7.3.0
Cryoserver_security_appliance Cryoserver 7.3.4 7.3.4

References