CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-0748

apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.5%

CVSS Severity

CVSS v2 Score 7.2

References

https://labs.mwrinfosecurity.com/advisories/2014/01/31/cray-aprunapinit-privilege-escalation/
https://labs.mwrinfosecurity.com/advisories/2014/01/31/cray-aprunapinit-privilege-escalation/

Products affected by CVE-2014-0748

Cray » Cray Linux Environment » Version: Any

cpe:2.3:o:cray:cray_linux_environment:*
Cray » Cray Linux Environment » Version: 5.1

cpe:2.3:o:cray:cray_linux_environment:5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-0748

Products

Pricing

Contact Us