Описание
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-7180
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97735
- http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
- http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Oct/104
- http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010
- http://www.securityfocus.com/bid/70722
EPSS
Процентиль: 15%
0.00048
Низкий
CVE ID
Связанные уязвимости
nvd
больше 11 лет назад
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
EPSS
Процентиль: 15%
0.00048
Низкий