CVE-2014-1644

{"id": "CVE-2014-1644", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-29T01:55:07.093", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html", "source": "secure@symantec.com"}, {"url": "http://www.securityfocus.com/bid/66399", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00", "tags": ["Patch", "Vendor Advisory"], "source": "secure@symantec.com"}, {"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt", "source": "secure@symantec.com"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/66399", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account."}, {"lang": "es", "value": "La funcionalidad forgotten-password en forcepasswd.do en la GUI de gesti\u00f3n en Symantec LiveUpdate Administrator (LUA) 2.x anterior a 2.3.2.110 permite a atacantes remotos restablecer contrase\u00f1as arbitrarias proporcionando la direcci\u00f3n de email asociada con una cuenta de usuario."}], "lastModified": "2024-11-21T02:04:46.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30E31DE4-79FD-46CB-B4EF-97C71314F6DD", "versionEndIncluding": "2.3.2"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C6436A5-ED76-4A14-B0B7-F34ED9A103B4"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B411C8E3-5C1E-4C05-85EB-27EDDF1BEEF3"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4DA63E2-6474-4DFC-B3D8-74164227385D"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20DC932C-BD80-43C0-A3F8-DC65F0EE1FFE"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C2DE1CE-8A1D-4BEB-86A2-EF5501789A97"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.2.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6810DD57-BF79-4F38-81C5-8F2B69577E35"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C05A008-A1A0-4CDE-B235-785316EE0055"}, {"criteria": "cpe:2.3:a:symantec:liveupdate_administrator:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BFF96B5-8BC2-47CA-94CC-CD9144E939AC"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}