Back to CVE Browser

CVE-2014-5334

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0450%

EPSS Percentile34.24th

PublishedJan 8, 2018

Last ModifiedNov 21, 2024

Vulnerability Description

FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login.

Affected Platforms (CPE)

📦

Freenas

Freenas

<= 9.2.1.7

📦

Freenas

Freenas

= 9.3

📦

Freenas

Freenas

= 9.3

📦

Freenas

Freenas

= 9.3

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2014/08/19/2

🔗 http://www.securityfocus.com/bid/69249

🔗 https://bugs.freenas.org/issues/5844

🔗 http://www.openwall.com/lists/oss-security/2014/08/19/2

🔗 http://www.securityfocus.com/bid/69249

🔗 https://bugs.freenas.org/issues/5844

Related Vulnerabilities

CVE-2020-116507.5

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1. It allows a denial of serv...

CVE-2009-27384.3

Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authe...

CVE-2009-27394.3

Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 allows remote attackers to inject arbitrary web script or HTML v...

FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php...