CVE-2014-7180

Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
electric_cloudelectriccommander
𝑥
≤ 4.2.5
electric_cloudelectriccommander
5.0.0
electric_cloudelectriccommander
5.0.1
electric_cloudelectriccommander
5.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Oct/104
http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
http://www.securityfocus.com/bid/70722
https://exchange.xforce.ibmcloud.com/vulnerabilities/97735
http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Oct/104
http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
http://www.securityfocus.com/bid/70722
https://exchange.xforce.ibmcloud.com/vulnerabilities/97735