Sign-up

ID

VAR-201411-0401


CVE

CVE-2014-2178


TITLE

Cisco RV Router Firmware management Web Cross-site request forgery vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2014-005295

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. Vendors have confirmed this vulnerability Bug ID CSCuh87145 It is released as.A third party could hijack the administrator's authentication. The Cisco RV router firmware is the Cisco RV180 Series VPN Router firmware. An attacker could exploit this vulnerability to hijack an administrator's authentication information. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected device. This issue is being tracked by Cisco Bug IDs CSCuh87145. are all products of Cisco (Cisco). ------------------------------------------------------------------------ Details ------------------------------------------------------------------------ https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html ------------------------------------------------------------------------ References ------------------------------------------------------------------------ [1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

Trust: 2.61

sources: NVD: CVE-2014-2178 // JVNDB: JVNDB-2014-005295 // CNVD: CNVD-2014-08200 // BID: 70922 // VULHUB: VHN-70117 // PACKETSTORM: 128992

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08200

AFFECTED PRODUCTS

vendor:ciscomodel:rv220w wireless network security firewallscope: - version: -

Trust: 1.6

vendor:ciscomodel:rv120wscope:eqversion:1.0.5.8

Trust: 1.2

vendor:ciscomodel:rv120wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv180scope:lteversion:1.0.3.10

Trust: 1.0

vendor:ciscomodel:rv220wscope:lteversion:1.0.5.8

Trust: 1.0

vendor:ciscomodel:rv180scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv180wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv120wscope:lteversion:1.0.5.8

Trust: 1.0

vendor:ciscomodel:rv220wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv120w wireless-n vpn firewallscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv120w wireless-n vpn firewallscope:ltversion:1.0.5.9

Trust: 0.8

vendor:ciscomodel:rv180 vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv180 vpn routerscope:ltversion:1.0.4.14

Trust: 0.8

vendor:ciscomodel:rv180w wireless-n multifunction vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv180scope:lteversion:<=1.0.3.10

Trust: 0.6

vendor:ciscomodel:rv220wscope:lteversion:<=1.0.5.8

Trust: 0.6

vendor:ciscomodel:rv220wscope:eqversion:1.0.5.8

Trust: 0.6

vendor:ciscomodel:rv180scope:eqversion:1.0.3.10

Trust: 0.6

sources: CNVD: CNVD-2014-08200 // JVNDB: JVNDB-2014-005295 // CNNVD: CNNVD-201411-100 // NVD: CVE-2014-2178

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-2178
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-2178
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-08200
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201411-100
value: MEDIUM

Trust: 0.6

VULHUB: VHN-70117
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-2178
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-08200
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-70117
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-08200 // VULHUB: VHN-70117 // JVNDB: JVNDB-2014-005295 // CNNVD: CNNVD-201411-100 // NVD: CVE-2014-2178

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-70117 // JVNDB: JVNDB-2014-005295 // NVD: CVE-2014-2178

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-100

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201411-100

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-005295

PATCH
title:cisco-sa-20141105-rvurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
Trust: 0.8
title:36241url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36241
Trust: 0.8
title:Patch for Cisco RV router firmware cross-site request forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/51779
Trust: 0.6
title:RV120W-Firmware-1.0.5.9url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54615
Trust: 0.6
title:RV180W-Firmware-1.0.4.14url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54617
Trust: 0.6
title:RV180-Firmware-1.0.4.14url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=54616
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-08200 // 
            
            
            
            JVNDB: JVNDB-2014-005295 // 
            
            
            
            CNNVD: CNNVD-201411-100

EXTERNAL IDS
db:NVDid:CVE-2014-2178
Trust: 3.5
db:PACKETSTORMid:128992
Trust: 1.2
db:SECTRACKid:1031171
Trust: 1.1
db:BIDid:70922
Trust: 1.0
db:JVNDBid:JVNDB-2014-005295
Trust: 0.8
db:CNNVDid:CNNVD-201411-100
Trust: 0.7
db:CNVDid:CNVD-2014-08200
Trust: 0.6
db:VULHUBid:VHN-70117
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-08200 // 
            
            
            
            VULHUB: VHN-70117 // 
            
            
            
            BID: 70922 // 
            
            
            
            JVNDB: JVNDB-2014-005295 // 
            
            
            
            PACKETSTORM: 128992 // 
            
            
            
            CNNVD: CNNVD-201411-100 // 
            
            
            
            NVD: CVE-2014-2178

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv
Trust: 1.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2178
Trust: 1.5
url:http://www.securityfocus.com/archive/1/533917/100/0/threaded
Trust: 1.1
url:http://seclists.org/fulldisclosure/2014/nov/6
Trust: 1.1
url:http://packetstormsecurity.com/files/128992/cisco-rv-overwrite-csrf-command-execution.html
Trust: 1.1
url:http://www.securitytracker.com/id/1031171
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98498
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2178
Trust: 0.8
url:http://www.cisco.com
Trust: 0.3
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2177
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2177
Trust: 0.1
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2179
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2179
Trust: 0.1
url:https://www.securify.nl/advisory/sfy20130601/cisco_rv_series_multiple_vulnerabilities.html
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-2178
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-08200 // 
            
            
            
            VULHUB: VHN-70117 // 
            
            
            
            BID: 70922 // 
            
            
            
            JVNDB: JVNDB-2014-005295 // 
            
            
            
            PACKETSTORM: 128992 // 
            
            
            
            CNNVD: CNNVD-201411-100 // 
            
            
            
            NVD: CVE-2014-2178

CREDITS
Yorick Koster of Securify.
Trust: 0.3
sources:
            
            
            BID: 70922

SOURCES
db:CNVDid:CNVD-2014-08200
db:VULHUBid:VHN-70117
db:BIDid:70922
db:JVNDBid:JVNDB-2014-005295
db:PACKETSTORMid:128992
db:CNNVDid:CNNVD-201411-100
db:NVDid:CVE-2014-2178

LAST UPDATE DATE
2024-11-23T22:31:12.493000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-08200date:2014-11-12T00:00:00
db:VULHUBid:VHN-70117date:2018-10-09T00:00:00
db:BIDid:70922date:2014-11-24T02:58:00
db:JVNDBid:JVNDB-2014-005295date:2015-12-02T00:00:00
db:CNNVDid:CNNVD-201411-100date:2014-11-14T00:00:00
db:NVDid:CVE-2014-2178date:2024-11-21T02:05:48.050

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-08200date:2014-11-12T00:00:00
db:VULHUBid:VHN-70117date:2014-11-07T00:00:00
db:BIDid:70922date:2014-11-05T00:00:00
db:JVNDBid:JVNDB-2014-005295date:2014-11-10T00:00:00
db:PACKETSTORMid:128992date:2014-11-06T12:02:22
db:CNNVDid:CNNVD-201411-100date:2014-11-14T00:00:00
db:NVDid:CVE-2014-2178date:2014-11-07T11:55:02.487