CVE-2014-6607
First published: Mon Oct 06 2014(Updated: )
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Monit | <=3.3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-6607?
CVE-2014-6607 is considered a high severity vulnerability due to its potential for privilege escalation.
How do I fix CVE-2014-6607?
To resolve CVE-2014-6607, upgrade M/Monit to version 3.3.3 or later where the vulnerability has been addressed.
Who is affected by CVE-2014-6607?
Users of M/Monit versions 3.3.2 and earlier are vulnerable to CVE-2014-6607.
What can attackers do with CVE-2014-6607?
Attackers can exploit CVE-2014-6607 to change the passwords of other users and gain unauthorized access.
Is CVE-2014-6607 related to any other vulnerabilities?
Yes, CVE-2014-6607 is a different vulnerability than CVE-2014-6409 but shares some similarities.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/severity
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/mmonit
- canonical/monit
- version/monit/3.3.2