Vulnerability Details : CVE-2014-1682
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
Vulnerability category: Bypass, Gain privilege
Exploit prediction scoring system (EPSS) score for CVE-2014-1682
Probability of exploitation activity in the next 30 days: 0.17%
Percentile (the proportion of vulnerabilities scored at or below this score): ~53%
CVSS scores for CVE-2014-1682
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST
CWE ids for CVE-2014-1682
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1682
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html ([SECURITY] Fedora 20 Update: zabbix-2.0.11-3.fc20)
- http://www.securityfocus.com/bid/65402 (Zabbix User Spoofing Vulnerability)
- http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html ([SECURITY] Fedora 19 Update: zabbix-2.0.11-3.fc19)
- https://support.zabbix.com/browse/ZBX-7703 ([ZBX-7703] Security flaw with API access when using HTTP authentication - ZABBIX SUPPORT)
Products affected by CVE-2014-1682
- cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.0:rc6:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.15:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.7:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.8:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.9:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.1:-:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.4:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.2:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.8:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.0.9:rc1:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:2.2.0:-:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*