CVE-2014-2959
Summary
| CVE | CVE-2014-2959 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-06-02 19:55:00 UTC |
| Updated | 2014-06-26 04:50:00 UTC |
| Description | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter. |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Dell | Powervault Ml6000 | 32u | All | All | All |
| Hardware | Dell | Powervault Ml6000 | 41u | All | All | All |
| Hardware | Dell | Powervault Ml6000 | 32u | All | All | All |
| Hardware | Dell | Powervault Ml6000 | 41u | All | All | All |
| Operating System | Dell | Powervault Ml6000 Firmware | All | All | All | All |
| Operating System | Dell | Powervault Ml6000 Firmware | All | All | All | All |
| Hardware | Quantum | Scalar I500 | 14u | All | All | All |
| Hardware | Quantum | Scalar I500 | 23u | All | All | All |
| Hardware | Quantum | Scalar I500 | 5u | All | All | All |
| Hardware | Quantum | Scalar I500 | 14u | All | All | All |
| Hardware | Quantum | Scalar I500 | 23u | All | All | All |
| Hardware | Quantum | Scalar I500 | 5u | All | All | All |
| Operating System | Quantum | Scalar I500 Firmware | All | All | All | All |
| Operating System | Quantum | Scalar I500 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Vulnerability Note VU#124908 - Dell ML6000 and Quantum Scalar i500 tape backup system command injection vulnerability | CERT-VN | www.kb.cert.org | US Government Resource |
| Security Advisory SA59019 - Dell PowerVault ML6000 logViewer.htm Command Injection Vulnerabilty - Secunia | SECUNIA | secunia.com | |
| Dell PowerVault ML6000 and Quantum Scalar i500 CVE-2014-2959 Remote Command Injection Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.