CVE-2014-0659
CVSS V2 High 10
CVSS V3 None
Description
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
Overview
- CVE ID
- CVE-2014-0659
- Assigner
- ykramarz@cisco.com
- Vulnerability Status
- Modified
- Published Version
- 2014-01-12T18:34:55
- Last Modified Date
- 2017-08-29T01:34:14
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | ||||
cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.0.3.2 | |
cpe:2.3:o:cisco:rvs4000_firmware:1.3.2.0:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:rvs4000_firmware:1.3.3.5:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:rvs4000_firmware:2.0.0.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:rvs4000_firmware:2.0.2.7:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:* | 1 | OR | ||
AND | ||||
cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.03:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.13:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.1.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.2.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:* | 1 | OR | ||
AND | ||||
cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:* | 1 | OR | 2.0.6.1 | |
cpe:2.3:o:cisco:wap4410n_firmware:2.0.2.1:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:wap4410n_firmware:2.0.3.3:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:o:cisco:wap4410n_firmware:2.0.4.2:*:*:*:*:*:*:* | 1 | OR | ||
cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:C/I:C/A:C
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 10
- Severity
- HIGH
- Exploitability Score
- 10
- Impact Score
- 10
References
Reference URL | Reference Tags |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd | Vendor Advisory |
http://tools.cisco.com/security/center/viewAlert.x?alertId=32381 | Vendor Advisory |
http://www.securitytracker.com/id/1029579 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1029580 | Third Party Advisory VDB Entry |
http://secunia.com/advisories/56292 | |
https://github.com/elvanderb/TCP-32764 | Patch Issue Tracking |
http://www.securityfocus.com/bid/64776 | Third Party Advisory VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/90233 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2014-0659 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0659 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 08:44:09 | Added to TrackCVE | |||
2022-12-01 21:28:24 | psirt@cisco.com | ykramarz@cisco.com | CVE Assigner | updated |
2022-12-01 21:28:24 | 2014-01-12T18:34Z | 2014-01-12T18:34:55 | CVE Published Date | updated |
2022-12-01 21:28:24 | 2017-08-29T01:34:14 | CVE Modified Date | updated | |
2022-12-01 21:28:24 | Modified | Vulnerability Status | updated |