Vulnerability CVE-2014-5036


Published: 2014-09-05

Description:
The Storage Controller (SC) component in Eucalyptus 3.4.2 through 4.0.x before 4.0.1, when Dell Equallogic SAN is used, logs the CHAP user credentials, which allows local users to obtain sensitive information by reading the logs.

Type:

CWE-200

(Information Exposure)

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
1.9/10
2.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Eucalyptus -> Eucalyptus 

 References:
https://www.eucalyptus.com/resources/security/advisories/esa-23
http://secunia.com/advisories/60712
http://secunia.com/advisories/60359

Copyright 2024, cxsecurity.com

 

Back to Top