ID

VAR-201412-0289


CVE

CVE-2014-7999


TITLE

plural Cisco-Meraki Vulnerability to install arbitrary firmware in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-007392

DESCRIPTION

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. Cisco-Meraki MS MRMX is Cisco's cloud management wireless networking device. Meraki Mx is prone to a remote security vulnerability. Cisco-Meraki MS, MR and MX are all cloud-managed wireless network devices of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2014-7999 // JVNDB: JVNDB-2014-007392 // CNVD: CNVD-2014-09192 // BID: 77815 // VULHUB: VHN-75944

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-09192

AFFECTED PRODUCTS

vendor:ciscomodel:meraki mxscope:eqversion: -

Trust: 1.3

vendor:ciscomodel:meraki msscope:eqversion: -

Trust: 1.3

vendor:ciscomodel:meraki mrscope:eqversion: -

Trust: 1.3

vendor:ciscomodel:meraki msscope:lteversion:2014-09-24

Trust: 1.0

vendor:ciscomodel:meraki mrscope:lteversion:2014-09-24

Trust: 1.0

vendor:ciscomodel:meraki mxscope:lteversion:2014-09-24

Trust: 1.0

vendor:ciscomodel:meraki mxscope:eqversion:2014-09-24

Trust: 0.9

vendor:ciscomodel:meraki msscope:eqversion:2014-09-24

Trust: 0.9

vendor:ciscomodel:meraki mrscope:eqversion:2014-09-24

Trust: 0.9

vendor:ciscomodel:cisco-meraki mrscope: - version: -

Trust: 0.8

vendor:ciscomodel:cisco-meraki mrscope:ltversion:2014-09-24

Trust: 0.8

vendor:ciscomodel:cisco-meraki msscope: - version: -

Trust: 0.8

vendor:ciscomodel:cisco-meraki msscope:ltversion:2014-09-24

Trust: 0.8

vendor:ciscomodel:cisco-meraki mxscope: - version: -

Trust: 0.8

vendor:ciscomodel:cisco-meraki mxscope:ltversion:2014-09-24

Trust: 0.8

vendor:ciscomodel:meraki ms mrmxscope:ltversion:2014-09-24

Trust: 0.6

sources: CNVD: CNVD-2014-09192 // BID: 77815 // JVNDB: JVNDB-2014-007392 // CNNVD: CNNVD-201412-483 // NVD: CVE-2014-7999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7999
value: HIGH

Trust: 1.0

NVD: CVE-2014-7999
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-09192
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201412-483
value: HIGH

Trust: 0.6

VULHUB: VHN-75944
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-7999
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-09192
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:M/AU:S/C:N/I:C/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-75944
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-09192 // VULHUB: VHN-75944 // JVNDB: JVNDB-2014-007392 // CNNVD: CNNVD-201412-483 // NVD: CVE-2014-7999

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-75944 // JVNDB: JVNDB-2014-007392 // NVD: CVE-2014-7999

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201412-483

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201412-483

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:meraki_mr"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:meraki_mr_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:meraki_ms"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:meraki_ms_firmware"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:cisco:meraki_mx"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:cisco:meraki_mx_firmware"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2014-007392

PATCH

title:36800url:http://tools.cisco.com/security/center/viewAlert.x?alertId=36800

Trust: 0.8

title:Patch for Cisco Meraki MS MRMX Free Firmware Installation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/53323

Trust: 0.6

sources: CNVD: CNVD-2014-09192 // JVNDB: JVNDB-2014-007392

EXTERNAL IDS

db:NVDid:CVE-2014-7999

Trust: 3.4

db:JVNDBid:JVNDB-2014-007392

Trust: 0.8

db:CNNVDid:CNNVD-201412-483

Trust: 0.7

db:CNVDid:CNVD-2014-09192

Trust: 0.6

db:BIDid:77815

Trust: 0.4

db:VULHUBid:VHN-75944

Trust: 0.1

sources: CNVD: CNVD-2014-09192 // VULHUB: VHN-75944 // BID: 77815 // JVNDB: JVNDB-2014-007392 // CNNVD: CNNVD-201412-483 // NVD: CVE-2014-7999

REFERENCES

url:http://tools.cisco.com/security/center/viewalert.x?alertid=36800

Trust: 2.6

url:https://dashboard.meraki.com/firmware_security

Trust: 2.0

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7999

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7999

Trust: 0.8

sources: CNVD: CNVD-2014-09192 // VULHUB: VHN-75944 // BID: 77815 // JVNDB: JVNDB-2014-007392 // CNNVD: CNNVD-201412-483 // NVD: CVE-2014-7999

CREDITS

Unknown

Trust: 0.3

sources: BID: 77815

SOURCES

db:CNVDid:CNVD-2014-09192
db:VULHUBid:VHN-75944
db:BIDid:77815
db:JVNDBid:JVNDB-2014-007392
db:CNNVDid:CNNVD-201412-483
db:NVDid:CVE-2014-7999

LAST UPDATE DATE

2024-11-23T22:22:58.488000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-09192date:2014-12-30T00:00:00
db:VULHUBid:VHN-75944date:2014-12-24T00:00:00
db:BIDid:77815date:2014-12-23T00:00:00
db:JVNDBid:JVNDB-2014-007392date:2015-01-05T00:00:00
db:CNNVDid:CNNVD-201412-483date:2014-12-26T00:00:00
db:NVDid:CVE-2014-7999date:2024-11-21T02:18:24.277

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-09192date:2014-12-29T00:00:00
db:VULHUBid:VHN-75944date:2014-12-24T00:00:00
db:BIDid:77815date:2014-12-23T00:00:00
db:JVNDBid:JVNDB-2014-007392date:2015-01-05T00:00:00
db:CNNVDid:CNNVD-201412-483date:2014-12-24T00:00:00
db:NVDid:CVE-2014-7999date:2014-12-24T00:59:03.343