PT-2018-4264 · Ixsystems · Freenas

Published

2018-01-08

Updated

2018-01-29

CVE-2014-5334

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FreeNAS versions prior to 9.3-M3

Description The issue allows remote attackers to gain root privileges by leveraging a WebGui login, due to a blank admin password.

Recommendations For versions prior to 9.3-M3, update to version 9.3-M3 or later to fix the issue. As a temporary workaround, consider setting a strong admin password to prevent unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2014-5334

Affected Products

Freenas

PT-2018-4264 · Ixsystems · Freenas

CVE-2014-5334

Weakness Enumeration

Related Identifiers

Affected Products

References · 5