Sign-up

ID

VAR-201412-0287


CVE

CVE-2014-7994


TITLE

plural Cisco-Meraki Vulnerability to execute arbitrary commands in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-007388

DESCRIPTION

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and sending a request to an unspecified HTTP handler on the local network, aka Cisco-Meraki defect ID 00301991. Cisco-Meraki MS , MR ,and MX The device firmware contains a vulnerability that allows arbitrary commands to be executed. Vendors have confirmed this vulnerability Cisco-Meraki defect ID 00301991 It is released as.A third party uses cross-device and device-specific secret information to identify unspecified local networks. HTTP An arbitrary command may be executed by sending a request to the handler. Cisco Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Mx is prone to a remote security vulnerability. A security vulnerability exists in several Cisco-Meraki devices due to HTTP handlers not properly validating requests

Trust: 2.52

sources: NVD: CVE-2014-7994 // JVNDB: JVNDB-2014-007388 // CNVD: CNVD-2014-09190 // BID: 77801 // VULHUB: VHN-75939

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-09190

AFFECTED PRODUCTS

vendor:ciscomodel:meraki mxscope:eqversion: -

Trust: 1.3

vendor:ciscomodel:meraki msscope:eqversion: -

Trust: 1.3

vendor:ciscomodel:meraki mrscope:eqversion: -

Trust: 1.3

vendor:ciscomodel:meraki msscope:lteversion:2014-09-24

Trust: 1.0

vendor:ciscomodel:meraki mrscope:lteversion:2014-09-24

Trust: 1.0

vendor:ciscomodel:meraki mxscope:lteversion:2014-09-24

Trust: 1.0

vendor:ciscomodel:meraki mxscope:eqversion:2014-09-24

Trust: 0.9

vendor:ciscomodel:meraki msscope:eqversion:2014-09-24

Trust: 0.9

vendor:ciscomodel:meraki mrscope:eqversion:2014-09-24

Trust: 0.9

vendor:ciscomodel:cisco-meraki mrscope: - version: -

Trust: 0.8

vendor:ciscomodel:cisco-meraki mrscope:ltversion:2014-09-24

Trust: 0.8

vendor:ciscomodel:cisco-meraki msscope: - version: -

Trust: 0.8

vendor:ciscomodel:cisco-meraki msscope:ltversion:2014-09-24

Trust: 0.8

vendor:ciscomodel:cisco-meraki mxscope: - version: -

Trust: 0.8

vendor:ciscomodel:cisco-meraki mxscope:ltversion:2014-09-24

Trust: 0.8

vendor:ciscomodel:meraki ms mrmxscope:ltversion:2014-09-24

Trust: 0.6

sources: CNVD: CNVD-2014-09190 // BID: 77801 // JVNDB: JVNDB-2014-007388 // CNNVD: CNNVD-201412-481 // NVD: CVE-2014-7994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7994
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-7994
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-09190
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201412-481
value: MEDIUM

Trust: 0.6

VULHUB: VHN-75939
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-7994
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-09190
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-75939
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-09190 // VULHUB: VHN-75939 // JVNDB: JVNDB-2014-007388 // CNNVD: CNNVD-201412-481 // NVD: CVE-2014-7994

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-75939 // JVNDB: JVNDB-2014-007388 // NVD: CVE-2014-7994

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201412-481

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201412-481

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007388

PATCH
title:36798url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36798
Trust: 0.8
title:Patch for Cisco Meraki MS MRMX Arbitrary Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/53326
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-09190 // 
            
            
            
            JVNDB: JVNDB-2014-007388

EXTERNAL IDS
db:NVDid:CVE-2014-7994
Trust: 3.4
db:JVNDBid:JVNDB-2014-007388
Trust: 0.8
db:CNNVDid:CNNVD-201412-481
Trust: 0.7
db:CNVDid:CNVD-2014-09190
Trust: 0.6
db:BIDid:77801
Trust: 0.4
db:VULHUBid:VHN-75939
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-09190 // 
            
            
            
            VULHUB: VHN-75939 // 
            
            
            
            BID: 77801 // 
            
            
            
            JVNDB: JVNDB-2014-007388 // 
            
            
            
            CNNVD: CNNVD-201412-481 // 
            
            
            
            NVD: CVE-2014-7994

REFERENCES
url:https://dashboard.meraki.com/firmware_security
Trust: 2.6
url:http://tools.cisco.com/security/center/viewalert.x?alertid=36798
Trust: 2.0
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7994
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7994
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2014-09190 // 
            
            
            
            VULHUB: VHN-75939 // 
            
            
            
            BID: 77801 // 
            
            
            
            JVNDB: JVNDB-2014-007388 // 
            
            
            
            CNNVD: CNNVD-201412-481 // 
            
            
            
            NVD: CVE-2014-7994

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 77801

SOURCES
db:CNVDid:CNVD-2014-09190
db:VULHUBid:VHN-75939
db:BIDid:77801
db:JVNDBid:JVNDB-2014-007388
db:CNNVDid:CNNVD-201412-481
db:NVDid:CVE-2014-7994

LAST UPDATE DATE
2024-11-23T21:55:08.989000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-09190date:2014-12-29T00:00:00
db:VULHUBid:VHN-75939date:2014-12-24T00:00:00
db:BIDid:77801date:2014-12-23T00:00:00
db:JVNDBid:JVNDB-2014-007388date:2014-12-25T00:00:00
db:CNNVDid:CNNVD-201412-481date:2014-12-26T00:00:00
db:NVDid:CVE-2014-7994date:2024-11-21T02:18:23.730

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-09190date:2014-12-29T00:00:00
db:VULHUBid:VHN-75939date:2014-12-24T00:00:00
db:BIDid:77801date:2014-12-23T00:00:00
db:JVNDBid:JVNDB-2014-007388date:2014-12-25T00:00:00
db:CNNVDid:CNNVD-201412-481date:2014-12-24T00:00:00
db:NVDid:CVE-2014-7994date:2014-12-24T00:59:01.547