Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-2959

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.

Published

2014-06-02T19:55:03.500

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

8.5

Weaknesses

Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	dell	powervault_ml6000_firmware	≤ i8.2.0.1_\(641g.gs003\)	Yes
Hardware	dell	powervault_ml6000	32u	Yes
Hardware	dell	powervault_ml6000	41u	Yes
Operating System	quantum	scalar_i500_firmware	≤ i8.2.2.1_\(646g.gs002\)	Yes
Hardware	quantum	scalar_i500	5u	Yes
Hardware	quantum	scalar_i500	14u	Yes
Hardware	quantum	scalar_i500	23u	Yes

References

http://secunia.com/advisories/59019 ([email protected])
http://www.kb.cert.org/vuls/id/124908 US Government Resource ([email protected])
http://www.securityfocus.com/bid/67751 ([email protected])
http://secunia.com/advisories/59019 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/124908 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/67751 (af854a3a-2127-422b-91ae-364da2661108)