Vulnerabilities > CVE-2014-5334 - 7PK - Security Features vulnerability in Freenas 9.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Common Weakness Enumeration (CWE)
Nessus
| NASL family | CGI abuses |
| NASL id | FREENAS_WEBGUI_BLANK_PASSWORD.NASL |
| description | The version of FreeNAS installed on the remote host either has not yet set up a password or has recently reset the WebGUI password. This allows anyone to log into the WebGUI, set up an arbitrary password, and then use the system terminal feature of the WebGUI to execute arbitrary commands with administrative privileges. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 77746 |
| published | 2014-09-18 |
| reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/77746 |
| title | FreeNAS WebGUI Blank Password |