VAR-201410-0375
Vulnerability from variot - Updated: 2025-04-13 23:25The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. Brocade Vyatta 5400 vRouter fails to properly handle user-submitted (`) characters, allowing remote attackers to exploit vulnerabilities to submit special requests, inject OS commands and execute them. A command-injection vulnerability 2. A security-bypass vulnerability 3. A remote code-execution vulnerability An attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0375",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vyatta 5400 vrouter software",
"scope": "eq",
"trust": 1.6,
"vendor": "brocade",
"version": "6.6"
},
{
"model": "vyatta 5400 vrouter software",
"scope": "eq",
"trust": 1.6,
"vendor": "brocade",
"version": "6.7"
},
{
"model": "vyatta 5400 vrouter software",
"scope": "eq",
"trust": 1.6,
"vendor": "brocade",
"version": "6.4"
},
{
"model": "vyatta 5400 vrouter",
"scope": "eq",
"trust": 1.0,
"vendor": "brocade",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "brocade",
"version": null
},
{
"model": "vyatta 5400 vrouter",
"scope": null,
"trust": 0.8,
"vendor": "brocade",
"version": null
},
{
"model": "vyatta 5400 vrouter software",
"scope": "eq",
"trust": 0.8,
"vendor": "brocade",
"version": "6.4r(x)"
},
{
"model": "vyatta 5400 vrouter software",
"scope": "eq",
"trust": 0.8,
"vendor": "brocade",
"version": "6.6r(x)"
},
{
"model": "vyatta 5400 vrouter software",
"scope": "eq",
"trust": 0.8,
"vendor": "brocade",
"version": "6.7r1"
},
{
"model": "vyatta vrouter 6.4r",
"scope": "eq",
"trust": 0.6,
"vendor": "brocade",
"version": "5400"
},
{
"model": "vyatta vrouter 6.6r",
"scope": "eq",
"trust": 0.6,
"vendor": "brocade",
"version": "5400"
},
{
"model": "vyatta vrouter 6.7r1",
"scope": "eq",
"trust": 0.6,
"vendor": "brocade",
"version": "5400"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111588"
},
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:brocade:vyatta_5400_vrouter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:brocade:vyatta_5400_vrouter_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Owen Shearing",
"sources": [
{
"db": "BID",
"id": "70226"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2014-4868",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2014-06610",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-72809",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-4868",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-4868",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-06610",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-130",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-72809",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "VULHUB",
"id": "VHN-72809"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command. Brocade Vyatta 5400 vRouter versions 6.4R(x), 6.6R(x), and 6.7R1 contain multiple vulnerabilities. Brocade Vyatta 5400 vRouter enables organizations to build advanced, multi-layered networks in a virtualized environment to add, configure, and move network services as needed. Brocade Vyatta 5400 vRouter fails to properly handle user-submitted (`) characters, allowing remote attackers to exploit vulnerabilities to submit special requests, inject OS commands and execute them. A command-injection vulnerability\n2. A security-bypass vulnerability\n3. A remote code-execution vulnerability\nAn attacker can exploit these issues to bypass certain security restrictions, obtain sensitive information and execute script code and shell commands with root privileges. This may aid in further attacks. Brocade Vyatta 5400 vRouter is a set of Brocade Corporation that provides a series of network function virtualization (NFV) solutions. The following versions are affected: Brocade Vyatta 5400 vRouter version 6.4, version 6.6 and version 6.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4868"
},
{
"db": "CERT/CC",
"id": "VU#111588"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "BID",
"id": "70226"
},
{
"db": "VULHUB",
"id": "VHN-72809"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#111588",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2014-4868",
"trust": 3.4
},
{
"db": "BID",
"id": "70226",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU98637322",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-130",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-06610",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72809",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111588"
},
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "VULHUB",
"id": "VHN-72809"
},
{
"db": "BID",
"id": "70226"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"id": "VAR-201410-0375",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "VULHUB",
"id": "VHN-72809"
}
],
"trust": 1.3388889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06610"
}
]
},
"last_update_date": "2025-04-13T23:25:22.164000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Brocade Vyatta 5400 vRouter",
"trust": 0.8,
"url": "http://www.brocadejapan.com/products/network-functions-virtualization/5400-vrouter/overview"
},
{
"title": "TSB 2014-197-A",
"trust": 0.8,
"url": "http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-vyatta-5400-vrouter-low-risk-vulnerabilities.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72809"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/111588"
},
{
"trust": 1.1,
"url": "http://www.brocade.com/index.page"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4868"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98637322/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4868"
},
{
"trust": 0.3,
"url": "http://www.brocade.com/products/all/network-functions-virtualization/product-details/5400-vrouter/index.page"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#111588"
},
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "VULHUB",
"id": "VHN-72809"
},
{
"db": "BID",
"id": "70226"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#111588"
},
{
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"db": "VULHUB",
"id": "VHN-72809"
},
{
"db": "BID",
"id": "70226"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#111588"
},
{
"date": "2014-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"date": "2014-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-72809"
},
{
"date": "2014-10-03T00:00:00",
"db": "BID",
"id": "70226"
},
{
"date": "2014-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"date": "2014-10-07T10:55:04.290000",
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#111588"
},
{
"date": "2014-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06610"
},
{
"date": "2014-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-72809"
},
{
"date": "2014-10-03T00:00:00",
"db": "BID",
"id": "70226"
},
{
"date": "2014-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004563"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-130"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-4868"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brocade Vyatta 5400 vRouter contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#111588"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-130"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…