Vulnerabilities > CVE-2014-5334 - 7PK - Security Features vulnerability in Freenas

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

nessus

NVD

Published: 2018-01-08

Updated: 2018-01-29

Summary

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

Part	Description	Count
Application	Freenas Freenas Freenas 9.3 Freenas Freenas 8.2.0 Freenas Freenas 8.3.0 Freenas Freenas 8.3.1 Freenas Freenas 9.1.0 Freenas Freenas 9.1.1 Freenas Freenas 9.2.0 Freenas Freenas 9.2.1 Freenas Freenas 9.2.1.1 Freenas Freenas 9.2.1.2 Freenas Freenas 9.2.1.3 Freenas Freenas 9.2.1.4 Freenas Freenas 9.2.1.5 Freenas Freenas 9.2.1.6 Freenas Freenas 9.2.1.7	18

NASL family	CGI abuses
NASL id	FREENAS_WEBGUI_BLANK_PASSWORD.NASL
description	The version of FreeNAS installed on the remote host either has not yet set up a password or has recently reset the WebGUI password. This allows anyone to log into the WebGUI, set up an arbitrary password, and then use the system terminal feature of the WebGUI to execute arbitrary commands with administrative privileges.
last seen	2020-06-01
modified	2020-06-02
plugin id	77746
published	2014-09-18
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77746
title	FreeNAS WebGUI Blank Password