CVE-2014-0104

Summary

In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.

Affected Software

VendorProductVersion RangeStatus
fence-agentsfence-agentsbefore 4.0.17affected

Weaknesses

  • no verification of remote SSL certificates

ADP Enrichment

CVE Program Container

Additional References

References