CVE-2014-2084

EPSS 4.4%

Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/33327unverified cve_referencewww.exploit-db.com/exploits/33328unverified exploitdbwww.exploit-db.com/exploits/33328unverified exploitdbwww.exploit-db.com/exploits/33327unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.skyboxsecurity.com/sites/default/files/file_resources/Skybox_Security_Appliance_Vulnerability.pdf http://www.exploit-db.com/exploits/33327 http://www.exploit-db.com/exploits/33328 http://www.osvdb.org/106842 http://www.securityfocus.com/bid/67352