CVE-2014-7989: Input Validation
First published: Fri Nov 07 2014(Updated: )
Cisco Unified Computing System on B-Series blade servers allows local users to gain shell privileges via a crafted (1) ping6 or (2) traceroute6 command, aka Bug ID CSCuq38176.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco B200 M3 | ||
| Cisco B200 M4 | ||
| Cisco B22 M3 | ||
| Cisco B230 M2 | ||
| Cisco B260 M4 | ||
| Cisco B420 M3 | ||
| Cisco B440 M2 | ||
| Cisco B460 M4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-7989?
CVE-2014-7989 has a medium severity rating due to the potential for local users to escalate privileges.
How do I fix CVE-2014-7989?
To remediate CVE-2014-7989, implement the recommended patches or updates provided by Cisco for the affected B-Series blade servers.
What affected systems are impacted by CVE-2014-7989?
CVE-2014-7989 affects various Cisco B-Series blade servers including B200 M3, B200 M4, B22 M3, B230 M2, B260 M4, B420 M3, B440 M2, and B460 M4.
Can CVE-2014-7989 be exploited remotely?
No, CVE-2014-7989 can only be exploited by authorized local users on the affected systems.
What is the nature of the vulnerability in CVE-2014-7989?
CVE-2014-7989 allows local users to gain shell privileges on Cisco Unified Computing System through crafted ping6 or traceroute6 commands.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco b200 m3
- canonical/cisco b200 m4
- canonical/cisco b22 m3
- canonical/cisco b230 m2
- canonical/cisco b260 m4
- canonical/cisco b420 m3
- canonical/cisco b440 m2
- canonical/cisco b460 m4