Sign-up

ID

VAR-201411-0273


CVE

CVE-2014-6183


TITLE

XGS Runs on the device IBM Security Network Protection Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-005583

DESCRIPTION

IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors. IBM Security Network Protection is a device of the IBM Security Intrusion Prevention product portfolio. The system can monitor application usage, website access and operation execution within the network to avoid threats such as malware and botnets

Trust: 2.52

sources: NVD: CVE-2014-6183 // JVNDB: JVNDB-2014-005583 // CNVD: CNVD-2014-08512 // BID: 71258 // VULHUB: VHN-74126

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08512

AFFECTED PRODUCTS

vendor:ibmmodel:security network protectionscope:eqversion:5.1.1.0

Trust: 1.6

vendor:ibmmodel:security network protectionscope:eqversion:5.1.0.0

Trust: 1.6

vendor:ibmmodel:security network protectionscope:eqversion:5.1.1

Trust: 1.6

vendor:ibmmodel:security network protectionscope:eqversion:5.1

Trust: 1.0

vendor:ibmmodel:security network protectionscope:eqversion:5.1.2.1

Trust: 1.0

vendor:ibmmodel:security network protection xgs 5100scope:eqversion: -

Trust: 1.0

vendor:ibmmodel:security network protection xgs 5000scope:eqversion:*

Trust: 1.0

vendor:ibmmodel:security network protectionscope:eqversion:5.3

Trust: 1.0

vendor:ibmmodel:security network protectionscope:eqversion:5.1.2.0

Trust: 1.0

vendor:ibmmodel:security network protectionscope:eqversion:5.2.0.0

Trust: 1.0

vendor:ibmmodel:security network protectionscope:ltversion:5.1.2.1

Trust: 0.8

vendor:ibmmodel:security network protectionscope:eqversion:5.3.0.0 fp1

Trust: 0.8

vendor:ibmmodel:security network protectionscope:eqversion:5.1.2.1 fp5

Trust: 0.8

vendor:ibmmodel:security network protectionscope:eqversion:5.1.2.0 fp9

Trust: 0.8

vendor:ibmmodel:security network protectionscope:eqversion:5.1.0.0 fp13

Trust: 0.8

vendor:ibmmodel:security network protectionscope:ltversion:5.1.1

Trust: 0.8

vendor:ibmmodel:security network protectionscope:eqversion:5.1.1.0 fp8

Trust: 0.8

vendor:ibmmodel:security network protectionscope:ltversion:5.2

Trust: 0.8

vendor:ibmmodel:security network protectionscope:ltversion:5.1

Trust: 0.8

vendor:ibmmodel:security network protectionscope:ltversion:5.1.2

Trust: 0.8

vendor:ibmmodel:security network protection xgs 5100scope: - version: -

Trust: 0.8

vendor:ibmmodel:security network protectionscope:eqversion:5.2.0.0 fp5

Trust: 0.8

vendor:ibmmodel:security network protectionscope:ltversion:5.3

Trust: 0.8

vendor:ibmmodel:security network protection xgs 5000scope: - version: -

Trust: 0.8

vendor:ibmmodel:security network protection xgsscope:eqversion:5.1

Trust: 0.6

vendor:ibmmodel:security network protection xgsscope:eqversion:5.1.1

Trust: 0.6

vendor:ibmmodel:security network protection xgsscope:eqversion:5.1.2

Trust: 0.6

vendor:ibmmodel:security network protection xgsscope:eqversion:5.1.2.1

Trust: 0.6

vendor:ibmmodel:security network protection xgsscope:eqversion:5.2

Trust: 0.6

vendor:ibmmodel:security network protection xgsscope:eqversion:5.3

Trust: 0.6

vendor:ibmmodel:security network protectionscope:eqversion:71005.1.21

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:71005.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:71005.1.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:71005.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:71005.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:71005.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:51005.1.21

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:51005.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:51005.1.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:51005.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:51005.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:51005.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:41005.1.21

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:41005.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:41005.1.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:41005.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:41005.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:41005.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:31005.1.21

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:31005.1.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:31005.1.1

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:31005.3

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:31005.2

Trust: 0.3

vendor:ibmmodel:security network protectionscope:eqversion:31005.1

Trust: 0.3

sources: CNVD: CNVD-2014-08512 // BID: 71258 // JVNDB: JVNDB-2014-005583 // CNNVD: CNNVD-201411-399 // NVD: CVE-2014-6183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-6183
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-6183
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-08512
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201411-399
value: MEDIUM

Trust: 0.6

VULHUB: VHN-74126
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-6183
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-08512
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-74126
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-08512 // VULHUB: VHN-74126 // JVNDB: JVNDB-2014-005583 // CNNVD: CNNVD-201411-399 // NVD: CVE-2014-6183

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-74126 // JVNDB: JVNDB-2014-005583 // NVD: CVE-2014-6183

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-399

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201411-399

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005583

PATCH
title:1690823url:http://www-01.ibm.com/support/docview.wss?uid=swg21690823
Trust: 0.8
title:Multiple IBM Security Network Protection product remote command injection vulnerability patchesurl:https://www.cnvd.org.cn/patchInfo/show/52133
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-08512 // 
            
            
            
            JVNDB: JVNDB-2014-005583

EXTERNAL IDS
db:NVDid:CVE-2014-6183
Trust: 3.4
db:BIDid:71258
Trust: 1.0
db:JVNDBid:JVNDB-2014-005583
Trust: 0.8
db:CNNVDid:CNNVD-201411-399
Trust: 0.7
db:CNVDid:CNVD-2014-08512
Trust: 0.6
db:XFid:98519
Trust: 0.6
db:VULHUBid:VHN-74126
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-08512 // 
            
            
            
            VULHUB: VHN-74126 // 
            
            
            
            BID: 71258 // 
            
            
            
            JVNDB: JVNDB-2014-005583 // 
            
            
            
            CNNVD: CNNVD-201411-399 // 
            
            
            
            NVD: CVE-2014-6183

REFERENCES
url:http://www-01.ibm.com/support/docview.wss?uid=swg21690823
Trust: 2.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98519
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6183
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-6183
Trust: 0.8
url:http://www.securityfocus.com/bid/71258
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/98519
Trust: 0.6
url:http://www.ibm.com/
Trust: 0.3
url:http://www-03.ibm.com/software/products/en/network-protection/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-08512 // 
            
            
            
            VULHUB: VHN-74126 // 
            
            
            
            BID: 71258 // 
            
            
            
            JVNDB: JVNDB-2014-005583 // 
            
            
            
            CNNVD: CNNVD-201411-399 // 
            
            
            
            NVD: CVE-2014-6183

CREDITS
IBM Security Systems Ethical Hacking Team: Paul Ionescu, Brennan Brazeau, John Zuccato, Jonathan Fitz-Gerald, and Warren Moynihan.
Trust: 0.3
sources:
            
            
            BID: 71258

SOURCES
db:CNVDid:CNVD-2014-08512
db:VULHUBid:VHN-74126
db:BIDid:71258
db:JVNDBid:JVNDB-2014-005583
db:CNNVDid:CNNVD-201411-399
db:NVDid:CVE-2014-6183

LAST UPDATE DATE
2025-04-13T23:04:44.994000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-08512date:2014-11-26T00:00:00
db:VULHUBid:VHN-74126date:2017-09-08T00:00:00
db:BIDid:71258date:2014-11-19T00:00:00
db:JVNDBid:JVNDB-2014-005583date:2014-11-25T00:00:00
db:CNNVDid:CNNVD-201411-399date:2014-11-24T00:00:00
db:NVDid:CVE-2014-6183date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-08512date:2014-11-26T00:00:00
db:VULHUBid:VHN-74126date:2014-11-23T00:00:00
db:BIDid:71258date:2014-11-19T00:00:00
db:JVNDBid:JVNDB-2014-005583date:2014-11-25T00:00:00
db:CNNVDid:CNNVD-201411-399date:2014-11-24T00:00:00
db:NVDid:CVE-2014-6183date:2014-11-23T00:59:01.817