CVE-2014-1644

The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providing the e-mail address associated with a user account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
symantecCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
symantecliveupdate_administrator
𝑥
≤ 2.3.2
symantecliveupdate_administrator
2.1.0
symantecliveupdate_administrator
2.1.2
symantecliveupdate_administrator
2.1.3
symantecliveupdate_administrator
2.2.1
symantecliveupdate_administrator
2.2.2
symantecliveupdate_administrator
2.2.2.9
symantecliveupdate_administrator
2.3.0
symantecliveupdate_administrator
2.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html
http://www.securityfocus.com/bid/66399
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt
http://archives.neohapsis.com/archives/bugtraq/2014-03/0172.html
http://www.securityfocus.com/bid/66399
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140327_00
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140328-0_Symantec_LiveUpdate_Administrator_Multiple_vulnerabilities_wo_poc_v10.txt