CVE-2014-6311

moderate-risk
Published 2019-11-22

generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.

Do I need to act?

-
0.51% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Adaptive Communication Environment
Adaptive Communication Environment
Adaptive Communication Environment

Affected Vendors

Debian Vanderbilt

References (8)

Mailing List http://www.openwall.com/lists/oss-security/2014/09/11/5
Mailing List http://www.openwall.com/lists/oss-security/2014/09/12/6
Third Party Advisory https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2014-6311
Mailing List http://www.openwall.com/lists/oss-security/2014/09/11/5
Mailing List http://www.openwall.com/lists/oss-security/2014/09/12/6
Third Party Advisory https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760709
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2014-6311
47
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 13/34 · Low