Search for vulnerabilities
Vulnerability details: VCID-sm8v-vqn7-aaar
Vulnerability ID VCID-sm8v-vqn7-aaar
Aliases CVE-2014-4338
Summary cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all IP addresses.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-264 Permissions, Privileges, and Access Controls
System Score Found at
generic_textual Low http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4338.html
rhas Moderate https://access.redhat.com/errata/RHSA-2014:1795
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00628 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00697 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00697 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00697 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00697 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.00789 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2014-4338
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1091568
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4338
cvssv2 4.0 https://nvd.nist.gov/vuln/detail/CVE-2014-4338
generic_textual Low https://ubuntu.com/security/notices/USN-2210-1
Reference id Reference type URL
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
http://openwall.com/lists/oss-security/2014/04/25/7
http://openwall.com/lists/oss-security/2014/06/19/12
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4338.html
http://rhn.redhat.com/errata/RHSA-2014-1795.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4338.json
https://api.first.org/data/v1/epss?cve=CVE-2014-4338
https://bugs.linuxfoundation.org/show_bug.cgi?id=1204
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4338
http://secunia.com/advisories/62044
https://ubuntu.com/security/notices/USN-2210-1
http://www.securityfocus.com/bid/68124
1091568 https://bugzilla.redhat.com/show_bug.cgi?id=1091568
cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:cups-filters:*:*:*:*:*:*:*:*
CVE-2014-4338 https://nvd.nist.gov/vuln/detail/CVE-2014-4338
RHSA-2014:1795 https://access.redhat.com/errata/RHSA-2014:1795
No exploits are available.
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-4338
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.67831
EPSS Score 0.00628
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.