Details of VAR-201401-0323

ID

VAR-201401-0323

CVE

CVE-2014-0659

TITLE

plural Cisco Vulnerability to read credential and configuration data in product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-001039

DESCRIPTION

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685. The Cisco RVS4000/WRVS4400N/WAP4410N are wireless routers and wireless APs from Cisco. Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router and Cisco RVS4000 4-port Gigabit Security Router products have security vulnerabilities that allow unauthenticated remote attackers to gain root-level access to the device. The vulnerability is due to the fact that the affected device has an undocumented test interface on TCP port 32764. The attacker can access the device's LAN interface and execute arbitrary commands. Run the firmware version 2.0.3.2 and earlier versions of the Cisco RVS4000 4-port Gigabit Security Router, running firmware version 1.1.13 and earlier of the Cisco WRVS4400N Wireless-N Gigabit Security Router hardware versions 1.0 and 1.1, running firmware version 2.0.2.1 and earlier. Cisco RVS4000, WRVS4400N, and WAP4410N devices are prone to a remote privilege-escalation vulnerability. A remote attacker can exploit this issue to gain access to affected devices with root-level privileges. This issue is tracked by Cisco Bug ID's CSCum37566, CSCum43693, CSCum43700 and CSCum43685. Cisco WAP4410N, WRVS4400N and RVS4000 are all products of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2014-0659 // JVNDB: JVNDB-2014-001039 // CNVD: CNVD-2014-00243 // BID: 64776 // VULHUB: VHN-68152

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00243

AFFECTED PRODUCTS

vendor:	cisco	model:	wap4410n	scope:	eq	version:	2.0.4.2	Trust: 1.6
vendor:	cisco	model:	wap4410n	scope:	eq	version:	2.0.2.1	Trust: 1.6
vendor:	cisco	model:	wap4410n	scope:	eq	version:	2.0.3.3	Trust: 1.6
vendor:	cisco	model:	rvs4000	scope:	eq	version:	2.0.2.7	Trust: 1.6
vendor:	cisco	model:	rvs4000	scope:	eq	version:	2.0.0.3	Trust: 1.6
vendor:	cisco	model:	wrvs4400n	scope:	eq	version:	2.0.2.1	Trust: 1.6
vendor:	cisco	model:	wrvs4400n	scope:	eq	version:	1.1.13	Trust: 1.6
vendor:	cisco	model:	wrvs4400n	scope:	eq	version:	1.1.03	Trust: 1.6
vendor:	cisco	model:	wrvs4400n	scope:	eq	version:	2.0.1.3	Trust: 1.6
vendor:	cisco	model:	wap4410n	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rvs4000	scope:	eq	version:	1.3.3.5	Trust: 1.0
vendor:	cisco	model:	rvs4000	scope:	lte	version:	2.0.3.2	Trust: 1.0
vendor:	cisco	model:	rvs4000	scope:	eq	version:	1.3.2.0	Trust: 1.0
vendor:	cisco	model:	wap4410n	scope:	lte	version:	2.0.6.1	Trust: 1.0
vendor:	cisco	model:	rvs4000	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	wrvs4400n	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	wrvs4400n wireless-n gigabit security router	scope:	eq	version:	1.0	Trust: 0.9
vendor:	cisco	model:	wrvs4400n wireless-n gigabit security router	scope:	eq	version:	1.1	Trust: 0.9
vendor:	cisco	model:	rvs4000 4-port gigabit security router	scope:	eq	version:	1.3.2.0	Trust: 0.9
vendor:	cisco	model:	rvs4000 4-port gigabit security router	scope:	eq	version:	2.0.2.7	Trust: 0.9
vendor:	cisco	model:	rvs4000 4-port gigabit security router	scope:	eq	version:	1.3.3.5	Trust: 0.9
vendor:	cisco	model:	wrvs4400n wireless-n gigabit security router	scope:	eq	version:	2.0.2.1	Trust: 0.9
vendor:	cisco	model:	rvs4000 4-port gigabit security router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rvs4000 4-port gigabit security router	scope:	lte	version:	2.0.3.2	Trust: 0.8
vendor:	cisco	model:	wap4410n wireless-n access point - poe/advanced security	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wap4410n wireless-n access point - poe/advanced security	scope:	lte	version:	2.0.6.1	Trust: 0.8
vendor:	cisco	model:	wrvs4400n wireless-n gigabit security router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wrvs4400n wireless-n gigabit security router	scope:	lte	version:	1.1.13	Trust: 0.8
vendor:	cisco	model:	wrvs4400n wireless-n gigabit security router	scope:	lte	version:	2.0.2.1	Trust: 0.8
vendor:	cisco	model:	wap4410n	scope:	eq	version:	2.0.6.1	Trust: 0.6

sources: CNVD: CNVD-2014-00243 // BID: 64776 // JVNDB: JVNDB-2014-001039 // CNNVD: CNNVD-201401-166 // NVD: CVE-2014-0659

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0659
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0659
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-00243
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201401-166
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68152
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0659
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00243
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-68152
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-00243 // VULHUB: VHN-68152 // JVNDB: JVNDB-2014-001039 // CNNVD: CNNVD-201401-166 // NVD: CVE-2014-0659

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-68152 // JVNDB: JVNDB-2014-001039 // NVD: CVE-2014-0659

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-166

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201401-166

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-001039

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-68152

PATCH

title:	cisco-sa-20140110-sbd	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd	Trust: 0.8
title:	32381	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=32381	Trust: 0.8
title:	Cisco RVS4000/WRVS4400N/WAP4410N Device Test Interface Remote Privilege Escalation Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/42327	Trust: 0.6

sources: CNVD: CNVD-2014-00243 // JVNDB: JVNDB-2014-001039

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0659	Trust: 3.4
db:	BID	id:	64776	Trust: 2.0
db:	SECTRACK	id:	1029579	Trust: 1.1
db:	SECTRACK	id:	1029580	Trust: 1.1
db:	SECUNIA	id:	56292	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-001039	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-166	Trust: 0.7
db:	CNVD	id:	CNVD-2014-00243	Trust: 0.6
db:	CISCO	id:	20140110 UNDOCUMENTED TEST INTERFACE IN CISCO SMALL BUSINESS DEVICES	Trust: 0.6
db:	EXPLOIT-DB	id:	30915	Trust: 0.1
db:	SEEBUG	id:	SSVID-84272	Trust: 0.1
db:	VULHUB	id:	VHN-68152	Trust: 0.1

sources: CNVD: CNVD-2014-00243 // VULHUB: VHN-68152 // BID: 64776 // JVNDB: JVNDB-2014-001039 // CNNVD: CNNVD-201401-166 // NVD: CVE-2014-0659

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140110-sbd	Trust: 2.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=32381	Trust: 1.7
url:	https://github.com/elvanderb/tcp-32764	Trust: 1.7
url:	http://www.securityfocus.com/bid/64776	Trust: 1.1
url:	http://www.securitytracker.com/id/1029579	Trust: 1.1
url:	http://www.securitytracker.com/id/1029580	Trust: 1.1
url:	http://secunia.com/advisories/56292	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90233	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0659	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0659	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-00243 // VULHUB: VHN-68152 // BID: 64776 // JVNDB: JVNDB-2014-001039 // CNNVD: CNNVD-201401-166 // NVD: CVE-2014-0659

CREDITS

Cisco

Trust: 0.3

sources: BID: 64776

SOURCES

db:	CNVD	id:	CNVD-2014-00243
db:	VULHUB	id:	VHN-68152
db:	BID	id:	64776
db:	JVNDB	id:	JVNDB-2014-001039
db:	CNNVD	id:	CNNVD-201401-166
db:	NVD	id:	CVE-2014-0659

LAST UPDATE DATE

2024-11-23T23:05:48.424000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-00243	date:	2014-03-27T00:00:00
db:	VULHUB	id:	VHN-68152	date:	2017-08-29T00:00:00
db:	BID	id:	64776	date:	2014-01-31T01:04:00
db:	JVNDB	id:	JVNDB-2014-001039	date:	2014-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201401-166	date:	2014-02-11T00:00:00
db:	NVD	id:	CVE-2014-0659	date:	2024-11-21T02:02:36.400

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-00243	date:	2014-01-15T00:00:00
db:	VULHUB	id:	VHN-68152	date:	2014-01-12T00:00:00
db:	BID	id:	64776	date:	2014-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2014-001039	date:	2014-01-15T00:00:00
db:	CNNVD	id:	CNNVD-201401-166	date:	2014-01-14T00:00:00
db:	NVD	id:	CVE-2014-0659	date:	2014-01-12T18:34:55.957