CVE-2014-4870

Published: Oct 7, 2014Modified: May 6, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.

Affected (4)

Products: Brocade: Vyatta 5400 Vrouter Software, Vyatta 5400 Vrouter

Brocade

2 products

Vyatta 5400 Vrouter Software

Vyatta 5400 Vrouter

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Brocade Vyatta 5400 Vrouter Software	Version 6.4
Brocade Vyatta 5400 Vrouter Software	Version 6.6
Brocade Vyatta 5400 Vrouter Software	Version 6.7
Brocade Vyatta 5400 Vrouter	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://www.kb.cert.org/vuls/id/111588

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/111588

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.