CVE-2014-2565 - OpenCVE

The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:H/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Bluecoat	Content Analysis System Content Analysis System Software

Configuration 1 [-]

AND

OR	cpe:2.3:a:bluecoat:content_analysis_system_software::::::::
	cpe:2.3:a:bluecoat:content_analysis_system_software:1.1:::::::*
	cpe:2.3:a:bluecoat:content_analysis_system_software:1.1.1.1:::::::*

cpe:2.3:h:bluecoat:content_analysis_system:-:*:*:*:*:*:*:*

References

Link	Resource
https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-04-30T14:00:00

Updated: 2014-04-30T12:57:00

Reserved: 2014-03-20T00:00:00

Link: CVE-2014-2565

JSON object: View

NVD Information

Status : Analyzed

Published: 2014-04-30T14:22:06.377

Modified: 2014-05-01T13:49:31.517

Link: CVE-2014-2565

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "66C66E4D-ACDC-4A87-8D5A-9B6FBABE5C05", "versionEndIncluding": "1.1.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "372E4BC0-DB27-489F-91E3-8B16B98F667D", "vulnerable": true}, {"criteria": "cpe:2.3:a:bluecoat:content_analysis_system_software:1.1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBF41DCF-B4D9-44EC-872E-21AF59BB1083", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bluecoat:content_analysis_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFE049E5-2839-42AF-99AE-E11328A2C729", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to \"command injection.\""}, {"lang": "es", "value": "La interfaz commandline en Blue Coat Content Analysis System (CAS) 1.1 anterior a 1.1.4.2 permite a administradores remotos ejecutar comandos arbitrarios a trav\u00e9s de vectores no especificados, relacionado con \"inyecci\u00f3n de comandos.\""}], "id": "CVE-2014-2565", "lastModified": "2014-05-01T13:49:31.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 2.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-04-30T14:22:06.377", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.bluecoat.com/index?page=content&id=SA78&actp=LIST"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}