Vulnerability Details : CVE-2014-3419
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2014-3419
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3419
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2014-3419
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3419
-
http://www.securityfocus.com/archive/1/532710/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/bid/68473
Multiple Infoblox Network Automation Products Local Security Bypass Vulnerability
-
http://packetstormsecurity.com/files/127410/Infoblox-6.8.4.x-Weak-MySQL-Password.html
Infoblox 6.8.4.x Weak MySQL Password ≈ Packet StormExploit
-
https://github.com/depthsecurity/NetMRI-2014-3418
GitHub - depthsecurity/NetMRI-2014-3418
-
http://blog.depthsecurity.com/2014/07/os-command-injection-in-infoblox-netmri.html
OS Command Injection in Infoblox NetMRI Products - CVE-2014-3418 + CVE-2014-3419Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/94450
Infoblox NetMRI default account CVE-2014-3419 Vulnerability Report
-
http://www.securitytracker.com/id/1030542
Infoblox NetMRI Lets Local Users Gain Elevated Privileges - SecurityTracker
Products affected by CVE-2014-3419
- cpe:2.3:a:infoblox:netmri:*:*:*:*:*:*:*:*
- cpe:2.3:a:infoblox:netmri:6.0.2.42:*:*:*:*:*:*:*
- cpe:2.3:a:infoblox:netmri:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:infoblox:netmri:6.2.1.48:*:*:*:*:*:*:*
- cpe:2.3:a:infoblox:netmri:6.8.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:infoblox:netmri:6.2.1:*:*:*:*:*:*:*