Home > Vulnerability Database > CVE-2014-3251

Mend.io Vulnerability Database

CVE-2014-3251

Date: August 12, 2014

The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

Severity Score

3.7

Related Resources (7)

Url: http://puppetlabs.com/security/cve/cve-2014-3251

Url: http://secunia.com/advisories/59356

Url: http://www.osvdb.org/109257

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-3251

Url: http://secunia.com/advisories/60066

Url: https://security-tracker.debian.org/tracker/CVE-2014-3251

Url: https://www.mend.io/vulnerability-database/CVE-2014-3251

Severity Score

3.7

Weakness Type (CWE)

Race Conditions

CWE-362

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.4
Access Vector (AV):	LOCAL
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-3251

Date: August 12, 2014

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?