Sign-up

ID

VAR-201409-0174


CVE

CVE-2014-4863


TITLE

Arris Touchstone cable modem information leakage vulnerabiliity

Trust: 0.8

sources: CERT/CC: VU#855836

DESCRIPTION

The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. Arris Provided by Touchstone DG950A Contains an information disclosure vulnerability. Arris Provided by Touchstone DG950A Is the default setting SNMP Is enabled. DG950A Is known SNMP Uses community name, username, password and WiFi There is a vulnerability that leaks information such as keys (CWE-200) . Other versions may also be affected by this vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlUser name, password and password set on the device by a remote third party WiFi You may be able to obtain sensitive information such as keys. The ARRIS Touchstone Data Gateway DG860P2 is a combination of a 4-port Gigabit router. This may aid in further attacks

Trust: 3.15

sources: NVD: CVE-2014-4863 // CERT/CC: VU#855836 // JVNDB: JVNDB-2014-004045 // CNVD: CNVD-2014-05344 // BID: 69631

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-05344

AFFECTED PRODUCTS

vendor:arrismodel:touchstone dg950a softwarescope:eqversion:7.10.131

Trust: 1.6

vendor:arrismodel:touchstone dg950ascope:eqversion: -

Trust: 1.0

vendor:arrismodel: - scope: - version: -

Trust: 0.8

vendor:arris groupmodel:touchstone dg950ascope: - version: -

Trust: 0.8

vendor:arris groupmodel:touchstone dg950a softwarescope:eqversion:version 7.10.131

Trust: 0.8

vendor:arrismodel:touchstone data gateway dg860p2scope:eqversion:3

Trust: 0.6

vendor:arrismodel:group touchstone dg950ascope:eqversion:7.10.131

Trust: 0.3

sources: CERT/CC: VU#855836 // CNVD: CNVD-2014-05344 // BID: 69631 // JVNDB: JVNDB-2014-004045 // CNNVD: CNNVD-201409-056 // NVD: CVE-2014-4863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4863
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4863
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2014-004045
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-05344
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201409-056
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-4863
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2014-4863
severity: MEDIUM
baseScore: 5.0
vectorString: NONE
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2014-004045
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-05344
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CERT/CC: VU#855836 // CNVD: CNVD-2014-05344 // JVNDB: JVNDB-2014-004045 // CNNVD: CNNVD-201409-056 // NVD: CVE-2014-4863

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2014-004045 // NVD: CVE-2014-4863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-056

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201409-056

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-004045

EXPLOIT AVAILABILITY
sources:
            
            
            CERT/CC: VU#855836

PATCH
title:Touchstone Data Gatewayurl:http://www.arrisi.com/products/product.asp?id=53
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-004045

EXTERNAL IDS
db:NVDid:CVE-2014-4863
Trust: 4.1
db:CERT/CCid:VU#855836
Trust: 3.2
db:JVNid:JVNVU95304841
Trust: 0.8
db:JVNDBid:JVNDB-2014-004045
Trust: 0.8
db:OSVDBid:110555
Trust: 0.6
db:CNVDid:CNVD-2014-05344
Trust: 0.6
db:CNNVDid:CNNVD-201409-056
Trust: 0.6
db:CERT/CCid:VU#259548
Trust: 0.3
db:BIDid:69631
Trust: 0.3
sources:
            
            
            CERT/CC: VU#855836 // 
            
            
            
            CNVD: CNVD-2014-05344 // 
            
            
            
            BID: 69631 // 
            
            
            
            JVNDB: JVNDB-2014-004045 // 
            
            
            
            CNNVD: CNNVD-201409-056 // 
            
            
            
            NVD: CVE-2014-4863

REFERENCES
url:https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863
Trust: 3.5
url:http://www.kb.cert.org/vuls/id/855836
Trust: 2.4
url:http://moto.arrisi.com/support/documentation/user_guides/_docs/dg950_user_guide_std1-4.pdf
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/200.html
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4863
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95304841/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4863
Trust: 0.8
url:http://www.arrisi.com/support/documentation/user_guides/_docs/dg950_user_guide_std1-4.pdf
Trust: 0.8
url:http://www.osvdb.com/show/osvdb/110555
Trust: 0.6
url:http://www.arrisi.com/products/product.asp?id=50
Trust: 0.3
url:http://www.kb.cert.org/vuls/id/259548
Trust: 0.3
sources:
            
            
            CERT/CC: VU#855836 // 
            
            
            
            CNVD: CNVD-2014-05344 // 
            
            
            
            BID: 69631 // 
            
            
            
            JVNDB: JVNDB-2014-004045 // 
            
            
            
            CNNVD: CNNVD-201409-056 // 
            
            
            
            NVD: CVE-2014-4863

CREDITS
Deral Heiland and Matthew Kienow.
Trust: 0.3
sources:
            
            
            BID: 69631

SOURCES
db:CERT/CCid:VU#855836
db:CNVDid:CNVD-2014-05344
db:BIDid:69631
db:JVNDBid:JVNDB-2014-004045
db:CNNVDid:CNNVD-201409-056
db:NVDid:CVE-2014-4863

LAST UPDATE DATE
2024-11-23T22:35:06.308000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#855836date:2014-09-04T00:00:00
db:CNVDid:CNVD-2014-05344date:2014-09-01T00:00:00
db:BIDid:69631date:2014-08-21T00:00:00
db:JVNDBid:JVNDB-2014-004045date:2014-09-09T00:00:00
db:CNNVDid:CNNVD-201409-056date:2014-09-10T00:00:00
db:NVDid:CVE-2014-4863date:2024-11-21T02:11:00.637

SOURCES RELEASE DATE
db:CERT/CCid:VU#855836date:2014-09-04T00:00:00
db:CNVDid:CNVD-2014-05344date:2014-09-01T00:00:00
db:BIDid:69631date:2014-08-21T00:00:00
db:JVNDBid:JVNDB-2014-004045date:2014-09-08T00:00:00
db:CNNVDid:CNNVD-201409-056date:2014-09-10T00:00:00
db:NVDid:CVE-2014-4863date:2014-09-05T17:55:06.953