Vulnerabilites related to Innominate - mGuard
CVE-2014-2356 (GCVE-0-2014-2356)
Vulnerability from cvelistv5
Published
2014-07-30 14:00
Modified
2025-10-03 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innominate | mGuard |
Version: 4.0.0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mGuard",
"vendor": "Innominate",
"versions": [
{
"lessThanOrEqual": "8.0.2",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.6.4"
},
{
"status": "unaffected",
"version": "8.0.3"
},
{
"status": "unaffected",
"version": "8.1.0"
},
{
"status": "unaffected",
"version": "8.1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Applied Risk Research team"
}
],
"datePublic": "2014-07-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.\u003c/p\u003e"
}
],
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:08:22.828Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-189-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAll users of affected Innominate mGuard devices may either update to \none of the following firmware versions: 7.6.4, 8.0.3, 8.1.0, 8.1.1, or \nhigher, or use the hotfix-CVE-2014-2356.tar.gz patch-update to fix their\n systems without updating any other component.\u003c/p\u003e\n\u003cp\u003eThe patch can be applied by either uploading the patch-update as \n\u201cLocal Update\u201d or by the \u201cOnline Update\u201d functionality and using \nhotfix-CVE-2014-2356 as \u201cPackage set name.\u201d In addition, Innominate \nrecommends limiting access to the administrative interfaces via firewall\n rules to the minimum necessary.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "All users of affected Innominate mGuard devices may either update to \none of the following firmware versions: 7.6.4, 8.0.3, 8.1.0, 8.1.1, or \nhigher, or use the hotfix-CVE-2014-2356.tar.gz patch-update to fix their\n systems without updating any other component.\n\n\nThe patch can be applied by either uploading the patch-update as \n\u201cLocal Update\u201d or by the \u201cOnline Update\u201d functionality and using \nhotfix-CVE-2014-2356 as \u201cPackage set name.\u201d In addition, Innominate \nrecommends limiting access to the administrative interfaces via firewall\n rules to the minimum necessary."
}
],
"source": {
"advisory": "ICSA-14-189-02",
"discovery": "EXTERNAL"
},
"title": "Innominate mGuard Exposure of Sensitive Information to an Unauthorized Actor",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-189-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2356",
"datePublished": "2014-07-30T14:00:00",
"dateReserved": "2014-03-13T00:00:00",
"dateUpdated": "2025-10-03T17:08:22.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9193 (GCVE-0-2014-9193)
Vulnerability from cvelistv5
Published
2014-12-20 00:00
Modified
2025-07-28 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Innominate | mGuard |
Version: 0 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:40:24.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "mGuard",
"vendor": "Innominate",
"versions": [
{
"lessThanOrEqual": "8.1.3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "7.6.6"
},
{
"status": "unaffected",
"version": "8.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Innominate Security Technologies has identified a privilege escalation vulnerability affecting all mGuard devices."
}
],
"datePublic": "2014-12-17T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting.\u003c/p\u003e"
}
],
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:35:16.302Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-352-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eInnominate has released firmware patches Version 7.6.6 and Version \n8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 \nand Version 8, respectively. Innominate recommends that customers using \nfirmware versions older than Version 7, which are no longer being \nmaintained, should upgrade to mGuard firmware Version 7.6.6 or Version \n8.1.4. Innominate also recommends that customers limit access to the \nadministrative interfaces to a minimum via firewall rules.\u003c/p\u003e\n\u003cp\u003eFor additional information on the vulnerability, Innominate\u2019s security advisory is available on its web site at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.innominate.com/en/downloads/security-advisories\"\u003ehttp://www.innominate.com/en/downloads/security-advisories\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eInnominate\u2019s firmware updates are available on its web site at:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.innominate.com/en/downloads/updates\"\u003ehttp://www.innominate.com/en/downloads/updates\u003c/a\u003e\u0026nbsp;\u0026nbsp;\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Innominate has released firmware patches Version 7.6.6 and Version \n8.1.4 that mitigates the vulnerability in the mGuard firmware Version 7 \nand Version 8, respectively. Innominate recommends that customers using \nfirmware versions older than Version 7, which are no longer being \nmaintained, should upgrade to mGuard firmware Version 7.6.6 or Version \n8.1.4. Innominate also recommends that customers limit access to the \nadministrative interfaces to a minimum via firewall rules.\n\n\nFor additional information on the vulnerability, Innominate\u2019s security advisory is available on its web site at:\n\n http://www.innominate.com/en/downloads/security-advisories \n\n\nInnominate\u2019s firmware updates are available on its web site at:\n\n http://www.innominate.com/en/downloads/updates"
}
],
"source": {
"advisory": "ICSA-14-352-02",
"discovery": "INTERNAL"
},
"title": "Innominate mGuard Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-9193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf",
"refsource": "CONFIRM",
"url": "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20141217_001_en.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-352-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-9193",
"datePublished": "2014-12-20T00:00:00",
"dateReserved": "2014-12-02T00:00:00",
"dateUpdated": "2025-07-28T20:35:16.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}