CVE-2014-7180CVE-2014-7180

Affected configuration(s):

cpe:/a:electric_cloud:electriccommander:4.2.5
cpe:/a:electric_cloud:electriccommander:5.0.0
cpe:/a:electric_cloud:electriccommander:5.0.1
cpe:/a:electric_cloud:electriccommander:5.0.2

Date published: 2014-10-24T20:55:04.320-04:00

Date last modified: 2017-09-07T21:29:15.323-04:00

CVSS Score: 4.6

Principal attack vector: LOCAL

Complexity:  LOW

Reference URL: http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm

Summary: Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.