CVE-2014-7180

EUVD-2014-7057
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
electric_cloudelectriccommander
𝑥
≤ 4.2.5
electric_cloudelectriccommander
5.0.0
electric_cloudelectriccommander
5.0.1
electric_cloudelectriccommander
5.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Oct/104
http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
http://www.securityfocus.com/bid/70722
https://exchange.xforce.ibmcloud.com/vulnerabilities/97735
http://docs.electric-cloud.com/commander_doc/5_0_3/HTML5/ReleaseNotes/commander_releasenotes.htm
http://packetstormsecurity.com/files/128819/ElectricCommander-4.2.4.71224-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2014/Oct/104
http://www.secureworks.com/advisories/SWRX-2014-010/SWRX-2014-010.pdf
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-010/
http://www.securityfocus.com/bid/70722
https://exchange.xforce.ibmcloud.com/vulnerabilities/97735