CVE-2014-3486 — MEDIUM (6.9)

Q: How severe is CVE-2014-3486?

CVE-2014-3486 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-3486?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms 3.0 Management Engine.

Vulnerability Description

The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users to execute arbitrary commands via a symlink attack on a temporary file with a predictable name.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Redhat	Cloudforms 3.0 Management Engine	<= 5.2.4

Related Weaknesses (CWE)

CWE-59

References

FAQ

What is CVE-2014-3486?

CVE-2014-3486 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users t...

How severe is CVE-2014-3486?

CVE-2014-3486 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3486?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Cloudforms 3.0 Management Engine.