CVE-2014-2327 — MEDIUM (6.8)

Q: How severe is CVE-2014-2327?

CVE-2014-2327 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2327?

Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti, Debian Debian Linux, Opensuse Opensuse.

Vulnerability Description

Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Cacti	Cacti	>= 0.8.7, <= 0.8.7g
Debian	Debian Linux	7.0
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-352

References

http://jvn.jp/en/jp/JVN55076671/index.htmlThird Party AdvisoryVDB Entry
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.htmlThird Party Advisory
http://secunia.com/advisories/59203Third Party Advisory
http://www.debian.org/security/2014/dsa-2970Third Party Advisory
http://www.securityfocus.com/archive/1/531588Third Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/66392Third Party AdvisoryVDB Entry
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768Issue TrackingThird Party Advisory
https://security.gentoo.org/glsa/201509-03Third Party Advisory
http://jvn.jp/en/jp/JVN55076671/index.htmlThird Party AdvisoryVDB Entry
http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.htmlThird Party Advisory
http://secunia.com/advisories/59203Third Party Advisory
http://www.debian.org/security/2014/dsa-2970Third Party Advisory
http://www.securityfocus.com/archive/1/531588Third Party AdvisoryVDB Entry

FAQ

What is CVE-2014-2327?

CVE-2014-2327 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests...

How severe is CVE-2014-2327?

CVE-2014-2327 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2327?

Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti, Debian Debian Linux, Opensuse Opensuse.