CVE-2014-3789

Cogentdatahub Cogent Datahub < 7.3.4 - Code Injection

Title source: rule

Description

GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.

Exploits (2)

metasploit WORKING POC MANUAL

by John Leitch, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/cogent_datahub_command.rb

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/33880

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://cogentdatahub.com/ReleaseNotes.html

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-14-136/

[Various Sources] https://ics-cert.us-cert.gov/advisories/ICSA-15-246-01

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/67486

Scores

EPSS 0.7100

EPSS Percentile 98.7%

Classification

CWE

CWE-94

Status draft

Affected Products (12)

cogentdatahub/cogent_datahub < 7.3.4

cogentdatahub/cogent_datahub

Timeline

Published May 22, 2014

Tracked Since Feb 18, 2026