CVE-2014-2084

Name of the Vulnerable Software and Affected Versions Skybox View Appliances versions 6.3.31-2.14 through 6.3.33-2.14 Skybox View Appliances versions 6.4.42-2.54 through 6.4.46-2.57

Description The issue allows remote attackers to obtain sensitive information or cause a denial of service. Attackers can send a request to API endpoints such as "scripts/commands/getSystemInformation" or "scripts/commands/getNetworkConfigurationInfo" to obtain sensitive information. Additionally, attackers can cause a denial of service by rebooting or shutting down the system via requests to "scripts/commands/reboot" or "scripts/commands/shutdown".

Recommendations For Skybox View Appliances versions 6.3.31-2.14 through 6.3.33-2.14, restrict access to the Admin interface to prevent unauthorized requests. For Skybox View Appliances versions 6.4.42-2.54 through 6.4.46-2.57, restrict access to the Admin interface to prevent unauthorized requests. As a temporary workaround, consider disabling access to the "scripts/commands/" API endpoint until a patch is available.