Vulnerabilities > Brocade > Vyatta 5400 Vrouter Software

DATE CVE VULNERABILITY TITLE RISK
2014-10-07 CVE-2014-4870 Improper Input Validation vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges by leveraging the sudo configuration.
local
low complexity
brocade CWE-20
7.2
2014-10-07 CVE-2014-4869 Permissions, Privileges, and Access Controls vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.
network
low complexity
brocade CWE-264
5.0
2014-10-07 CVE-2014-4868 OS Command Injection vulnerability in Brocade Vyatta 5400 Vrouter and Vyatta 5400 Vrouter Software
The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console command.
network
low complexity
brocade CWE-78
critical
9.0