CVE-2014-2626
Summary
| CVE | CVE-2014-2626 |
|---|---|
| State | PUBLISHED |
| Assigner | hp |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-07-26 15:55:03 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
NoneAV:N/AC:L/Au:N/C:C/I:C/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hp | Network Virtualization | 8.6 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About Secunia Research | Flexera | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Zero Day Initiative | af854a3a-2127-422b-91ae-364da2661108 | zerodayinitiative.com | |
| h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay | af854a3a-2127-422b-91ae-364da2661108 | h20564.www2.hp.com | Vendor Advisory |
| HP Network Virtualization Bugs Let Remote Users Obtain Information and Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.