CVE-2014-2959

Published: Jun 2, 2014Modified: May 6, 2026

9.0

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Exploitability: 10.0 / Impact: 8.5

Source: NVD

Description

logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter.

Affected (7)

Products: Dell: Powervault Ml6000 Firmware, Powervault Ml6000 · Quantum: Scalar I500 Firmware, Scalar I500

2 products

Powervault Ml6000 Firmware

Powervault Ml6000

2 products

Scalar I500 Firmware

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dell Powervault Ml6000 Firmware	Up to i8.2.0.1_\(641g.gs003\)
Dell Powervault Ml6000	Version 32u
Dell Powervault Ml6000	Version 41u

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Quantum Scalar I500 Firmware	Up to i8.2.2.1_\(646g.gs002\)
Quantum Scalar I500	Version 14u
Quantum Scalar I500	Version 23u
Quantum Scalar I500	Version 5u

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

http://secunia.com/advisories/59019

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/124908

Source: cret@cert.org

US Government Resource

http://www.securityfocus.com/bid/67751

Source: cret@cert.org

http://secunia.com/advisories/59019

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/124908

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/67751

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.