Sign-up

ID

VAR-201404-0677


CVE

CVE-2014-2565


TITLE

Blue Coat Content Analysis System Command line interface arbitrary command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-002331

DESCRIPTION

The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection.". Blue Coat Content Analysis System is prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. Successful exploits may compromise the affected application. Blue Coat Content Analysis System versions 1.1.1.1, 1.1.2.1, and 1.1.3.1 are vulnerable

Trust: 1.89

sources: NVD: CVE-2014-2565 // JVNDB: JVNDB-2014-002331 // BID: 67519

AFFECTED PRODUCTS

vendor:bluecoatmodel:content analysis system softwarescope:eqversion:1.1

Trust: 1.6

vendor:bluecoatmodel:content analysis system softwarescope:eqversion:1.1.1.1

Trust: 1.6

vendor:bluecoatmodel:content analysis systemscope:eqversion: -

Trust: 1.0

vendor:bluecoatmodel:content analysis system softwarescope:lteversion:1.1.2.1

Trust: 1.0

vendor:blue coatmodel:content analysis systemscope: - version: -

Trust: 0.8

vendor:blue coatmodel:content analysis system softwarescope:ltversion:1.1 thats all 1.1.4.2

Trust: 0.8

vendor:bluecoatmodel:content analysis system softwarescope:eqversion:1.1.2.1

Trust: 0.6

vendor:bluemodel:coat systems content analysis systemscope:eqversion:1.1.3.1

Trust: 0.3

vendor:bluemodel:coat systems content analysis systemscope:eqversion:1.1.2.1

Trust: 0.3

vendor:bluemodel:coat systems content analysis systemscope:eqversion:1.1.1.1

Trust: 0.3

vendor:bluemodel:coat systems content analysis systemscope:neversion:1.1.4.2

Trust: 0.3

sources: BID: 67519 // JVNDB: JVNDB-2014-002331 // CNNVD: CNNVD-201404-606 // NVD: CVE-2014-2565

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2014-2565
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201404-606
value: MEDIUM

Trust: 0.6

NVD: CVE-2014-2565
severity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:H/AU:S/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2014-002331 // CNNVD: CNNVD-201404-606 // NVD: CVE-2014-2565

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2014-002331 // NVD: CVE-2014-2565

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201404-606

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201404-606

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2014-2565

PATCH
title:SA78url:https://kb.bluecoat.com/index?page=content&id=sa78&actp=list
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-002331

EXTERNAL IDS
db:NVDid:CVE-2014-2565
Trust: 2.7
db:JVNDBid:JVNDB-2014-002331
Trust: 0.8
db:CNNVDid:CNNVD-201404-606
Trust: 0.6
db:BIDid:67519
Trust: 0.3
sources:
            
            
            BID: 67519 // 
            
            
            
            JVNDB: JVNDB-2014-002331 // 
            
            
            
            CNNVD: CNNVD-201404-606 // 
            
            
            
            NVD: CVE-2014-2565

REFERENCES
url:https://kb.bluecoat.com/index?page=content&id=sa78&actp=list
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2565
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2565
Trust: 0.8
url:http://www.bluecoat.com
Trust: 0.3
url:http://www.bluecoat.com/products/content-analysis-system
Trust: 0.3
sources:
            
            
            BID: 67519 // 
            
            
            
            JVNDB: JVNDB-2014-002331 // 
            
            
            
            CNNVD: CNNVD-201404-606 // 
            
            
            
            NVD: CVE-2014-2565

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 67519

SOURCES
db:BIDid:67519
db:JVNDBid:JVNDB-2014-002331
db:CNNVDid:CNNVD-201404-606
db:NVDid:CVE-2014-2565

LAST UPDATE DATE
2022-05-04T10:01:31.363000+00:00

SOURCES UPDATE DATE
db:BIDid:67519date:2014-03-19T00:00:00
db:JVNDBid:JVNDB-2014-002331date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-606date:2014-05-06T00:00:00
db:NVDid:CVE-2014-2565date:2014-05-01T13:49:00

SOURCES RELEASE DATE
db:BIDid:67519date:2014-03-19T00:00:00
db:JVNDBid:JVNDB-2014-002331date:2014-05-02T00:00:00
db:CNNVDid:CNNVD-201404-606date:2014-04-30T00:00:00
db:NVDid:CVE-2014-2565date:2014-04-30T14:22:00