{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T20:57:01", "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "shortName": "hp"}, "references": [{"name": "1030624", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030624"}, {"name": "60418", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60418"}, {"tags": ["x_refsource_MISC"], "url": "http://zerodayinitiative.com/advisories/ZDI-14-268/"}, {"name": "HPSBMU03073", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}, {"name": "SSRT101359", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "hp-security-alert@hp.com", "ID": "CVE-2014-2626", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1030624", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030624"}, {"name": "60418", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60418"}, {"name": "http://zerodayinitiative.com/advisories/ZDI-14-268/", "refsource": "MISC", "url": "http://zerodayinitiative.com/advisories/ZDI-14-268/"}, {"name": "HPSBMU03073", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}, {"name": "SSRT101359", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:21:35.694Z"}, "title": "CVE Program Container", "references": [{"name": "1030624", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1030624"}, {"name": "60418", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60418"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://zerodayinitiative.com/advisories/ZDI-14-268/"}, {"name": "HPSBMU03073", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}, {"name": "SSRT101359", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}]}]}, "cveMetadata": {"assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2", "assignerShortName": "hp", "cveId": "CVE-2014-2626", "datePublished": "2014-07-26T15:00:00", "dateReserved": "2014-03-24T00:00:00", "dateUpdated": "2024-08-06T10:21:35.694Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:network_virtualization:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "BD6E5166-6A01-4AF3-9CF1-140CB4A53D2A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n toServerObject en HP Network Virtualization 8.6 (tambi\u00e9n conocido como Shunra Network Virtualization) permite a atacantes remotos crear ficheros, y como consecuencia ejecutar c\u00f3digo arbitrario, a trav\u00e9s de entradas manipuladas, tambi\u00e9n conocido como ZDI-CAN-2024."}], "id": "CVE-2014-2626", "lastModified": "2017-01-07T02:59:49.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 9.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-26T15:55:03.217", "references": [{"source": "hp-security-alert@hp.com", "url": "http://secunia.com/advisories/60418"}, {"source": "hp-security-alert@hp.com", "url": "http://www.securitytracker.com/id/1030624"}, {"source": "hp-security-alert@hp.com", "url": "http://zerodayinitiative.com/advisories/ZDI-14-268/"}, {"source": "hp-security-alert@hp.com", "tags": ["Vendor Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04374202"}], "sourceIdentifier": "hp-security-alert@hp.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}