PT-2014-4983 · Dell+1 · Dell Ml6000+1

Published

2014-06-02

Updated

2014-06-26

CVE-2014-2959

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions Dell ML6000 tape backup system versions prior to i8.2.0.2 (641G.GS103) Quantum Scalar i500 tape backup system versions prior to i8.2.2.1 (646G.GS002)

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a pathname parameter in the logViewer.htm file.

Recommendations For Dell ML6000 tape backup system versions prior to i8.2.0.2 (641G.GS103), update to firmware version i8.2.0.2 (641G.GS103) or later. For Quantum Scalar i500 tape backup system versions prior to i8.2.2.1 (646G.GS002), update to firmware version i8.2.2.1 (646G.GS002) or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2014-2959

Affected Products

Dell Ml6000

Quantum Scalar I500

PT-2014-4983 · Dell+1 · Dell Ml6000+1

CVE-2014-2959

Weakness Enumeration

Related Identifiers

Affected Products

References · 4