CVE-2014-2626

Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Published: Jul 26, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2626
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.4
AV:N/AC:L/Au:N/C:C/I:C/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
hp / network_virtualization	8.6	8.6.x

http://secunia.com/advisories/60418
http://www.securitytracker.com/id/1030624
http://zerodayinitiative.com/advisories/ZDI-14-268/
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202

Vulnerability Database

289,784

CVE-2014-2626