Details of VAR-201412-0286

ID

VAR-201412-0286

CVE

CVE-2014-7993

TITLE

plural Cisco-Meraki Vulnerability of obtaining important authentication information in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-007387

DESCRIPTION

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to obtain sensitive credential information by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00302012. Cisco Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Ms Firmware is prone to a remote security vulnerability. A security vulnerability exists in several Cisco-Meraki devices due to HTTP handlers not properly validating requests. The following products and versions are affected: Cisco-Meraki MS, MR and MX with firmware versions prior to 2014-09-24

Trust: 2.52

sources: NVD: CVE-2014-7993 // JVNDB: JVNDB-2014-007387 // CNVD: CNVD-2014-09189 // BID: 77814 // VULHUB: VHN-75938

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-09189

AFFECTED PRODUCTS

vendor:	cisco	model:	meraki ms	scope:	lte	version:	2014-09-24	Trust: 1.0
vendor:	cisco	model:	meraki mr	scope:	lte	version:	2014-09-24	Trust: 1.0
vendor:	cisco	model:	meraki mx	scope:	lte	version:	2014-09-24	Trust: 1.0
vendor:	cisco	model:	meraki mx	scope:	eq	version:	2014-09-24	Trust: 0.9
vendor:	cisco	model:	meraki ms	scope:	eq	version:	2014-09-24	Trust: 0.9
vendor:	cisco	model:	meraki mr	scope:	eq	version:	2014-09-24	Trust: 0.9
vendor:	cisco	model:	cisco-meraki mr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	cisco-meraki mr	scope:	lt	version:	2014-09-24	Trust: 0.8
vendor:	cisco	model:	cisco-meraki ms	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	cisco-meraki ms	scope:	lt	version:	2014-09-24	Trust: 0.8
vendor:	cisco	model:	cisco-meraki mx	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	cisco-meraki mx	scope:	lt	version:	2014-09-24	Trust: 0.8
vendor:	cisco	model:	meraki ms mrmx	scope:	lt	version:	2014-09-24	Trust: 0.6

sources: CNVD: CNVD-2014-09189 // BID: 77814 // JVNDB: JVNDB-2014-007387 // CNNVD: CNNVD-201412-480 // NVD: CVE-2014-7993

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7993
value:	LOW
Trust: 1.0
NVD:	CVE-2014-7993
value:	LOW
Trust: 0.8
CNVD:	CNVD-2014-09189
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201412-480
value:	LOW
Trust: 0.6
VULHUB:	VHN-75938
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2014-7993
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-09189
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-75938
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-09189 // VULHUB: VHN-75938 // JVNDB: JVNDB-2014-007387 // CNNVD: CNNVD-201412-480 // NVD: CVE-2014-7993

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-75938 // JVNDB: JVNDB-2014-007387 // NVD: CVE-2014-7993

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201412-480

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201412-480

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007387

PATCH

title:	36797	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=36797	Trust: 0.8
title:	Patch for Cisco Meraki MS MRMX Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/53328	Trust: 0.6

sources: CNVD: CNVD-2014-09189 // JVNDB: JVNDB-2014-007387

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7993	Trust: 3.4
db:	JVNDB	id:	JVNDB-2014-007387	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-480	Trust: 0.7
db:	CNVD	id:	CNVD-2014-09189	Trust: 0.6
db:	BID	id:	77814	Trust: 0.4
db:	VULHUB	id:	VHN-75938	Trust: 0.1

sources: CNVD: CNVD-2014-09189 // VULHUB: VHN-75938 // BID: 77814 // JVNDB: JVNDB-2014-007387 // CNNVD: CNNVD-201412-480 // NVD: CVE-2014-7993

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36797	Trust: 2.6
url:	https://dashboard.meraki.com/firmware_security	Trust: 2.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7993	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7993	Trust: 0.8

sources: CNVD: CNVD-2014-09189 // VULHUB: VHN-75938 // BID: 77814 // JVNDB: JVNDB-2014-007387 // CNNVD: CNNVD-201412-480 // NVD: CVE-2014-7993

CREDITS

Unknown

Trust: 0.3

sources: BID: 77814

SOURCES

db:	CNVD	id:	CNVD-2014-09189
db:	VULHUB	id:	VHN-75938
db:	BID	id:	77814
db:	JVNDB	id:	JVNDB-2014-007387
db:	CNNVD	id:	CNNVD-201412-480
db:	NVD	id:	CVE-2014-7993

LAST UPDATE DATE

2024-11-23T22:56:31.321000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-09189	date:	2014-12-30T00:00:00
db:	VULHUB	id:	VHN-75938	date:	2014-12-24T00:00:00
db:	BID	id:	77814	date:	2014-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-007387	date:	2014-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201412-480	date:	2014-12-26T00:00:00
db:	NVD	id:	CVE-2014-7993	date:	2024-11-21T02:18:23.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-09189	date:	2014-12-29T00:00:00
db:	VULHUB	id:	VHN-75938	date:	2014-12-24T00:00:00
db:	BID	id:	77814	date:	2014-12-23T00:00:00
db:	JVNDB	id:	JVNDB-2014-007387	date:	2014-12-25T00:00:00
db:	CNNVD	id:	CNNVD-201412-480	date:	2014-12-24T00:00:00
db:	NVD	id:	CVE-2014-7993	date:	2014-12-24T00:59:00.063