9.3
CVE-2014-6261
- EPSS 1.86%
- Published 15.12.2014 18:59:14
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome server or (2) deploying a crafted web site that is visited during a login session, aka ZEN-12657.
Data is provided by the National Vulnerability Database (NVD)
Zenoss ≫ Zenoss Core Updatebeta_3 Version <= 5.0.0
Zenoss ≫ Zenoss Core Version2.4.0
Zenoss ≫ Zenoss Core Version2.4.5
Zenoss ≫ Zenoss Core Version2.5.0
Zenoss ≫ Zenoss Core Version2.5.1
Zenoss ≫ Zenoss Core Version2.5.2
Zenoss ≫ Zenoss Core Version3.0.0
Zenoss ≫ Zenoss Core Version3.0.1
Zenoss ≫ Zenoss Core Version3.0.2
Zenoss ≫ Zenoss Core Version3.0.3
Zenoss ≫ Zenoss Core Version3.1.0
Zenoss ≫ Zenoss Core Version3.2.0
Zenoss ≫ Zenoss Core Version3.2.1
Zenoss ≫ Zenoss Core Version4.2.0
Zenoss ≫ Zenoss Core Version4.2.3
Zenoss ≫ Zenoss Core Version4.2.4
Zenoss ≫ Zenoss Core Version4.2.5
Zenoss ≫ Zenoss Core Version5.0.0
Zenoss ≫ Zenoss Core Version5.0.0 Updatebeta_1
Zenoss ≫ Zenoss Core Version5.0.0 Updatebeta_2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.823 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.