Vulnerability Details CVE-2014-7180
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v2 Score 4.6
References
- http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
- http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Oct/104
- http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
- http://www.securityfocus.com/bid/70722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97735
- http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
- http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
- http://seclists.org/fulldisclosure/2014/Oct/104
- http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
- http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
- http://www.securityfocus.com/bid/70722
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97735
Products affected by CVE-2014-7180
-
cpe:2.3:a:electric_cloud:electriccommander:4.2.5
-
cpe:2.3:a:electric_cloud:electriccommander:5.0.0
-
cpe:2.3:a:electric_cloud:electriccommander:5.0.1
-
cpe:2.3:a:electric_cloud:electriccommander:5.0.2