Lucene search

[email protected]CVE-2014-2179

HistoryNov 07, 2014 - 11:55 a.m.

CVE-2014-2179

2014-11-0711:55:02

CWE-20

[email protected]

web.nvd.nist.gov

cisco

rv router

firmware

remote file upload

http request

security vulnerability

cve-2014-2179

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.

Affected configurations

NVD

Node

ciscorv180_firmwareRange≤1.0.3.10

AND

ciscorv180Match-

ciscorv180wMatch-

Node

ciscorv120w_firmwareRange≤1.0.5.8

AND

ciscorv120wMatch-

Node

ciscorv220w_firmwareRange≤1.0.5.8

AND

ciscorv220wMatch-

CPENameOperatorVersion
cisco:rv180_firmwarecisco rv180 firmwarele1.0.3.10
cisco:rv180cisco rv180eq-
cisco:rv180wcisco rv180weq-

CPE	Name	Operator	Version
cisco:rv180_firmware	cisco rv180 firmware	le	1.0.3.10
cisco:rv180	cisco rv180	eq	-
cisco:rv180w	cisco rv180w	eq	-

References

packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html

seclists.org/fulldisclosure/2014/Nov/6

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

www.securityfocus.com/archive/1/533917/100/0/threaded

www.securitytracker.com/id/1031171

exchange.xforce.ibmcloud.com/vulnerabilities/98499

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2014-2179

prion1 nvd1 cvelist1 securityvulns2 cisco1