Lucene search

K
cve[email protected]CVE-2014-7249
HistoryDec 19, 2014 - 11:59 a.m.

CVE-2014-7249

2014-12-1911:59:01
CWE-119
web.nvd.nist.gov
18
cve-2014-7249
buffer overflow
allied telesis
ar440s
ar441s
ar442s
ar745
ar750s
ar750s-dp
at-8624poe
at-8624t/2m
at-8648t/2sp
at-8748xl
at-8848
at-9816gb
at-9924t
at-9924ts
centrecom ar415s
centrecom ar450s
centrecom ar550s
centrecom ar570s
centrecom 8700sl
centrecom 8948xl
centrecom 9924sp
centrecom 9924t/4sp
rapier 48i
switchblade4000
firmware security
http post request
remote code execution
vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Affected configurations

NVD
Node
alliedtelesiscentrecom_ar415s_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_ar415s
Node
alliedtelesisat-8624t\/2m_firmwareRange2.9.1-20
AND
alliedtelesisat-8624t\/2m
Node
alliedtelesisar442s_firmwareRange2.9.1-20
AND
alliedtelesisar442sMatch-
Node
alliedtelesisat-9924t_firmwareRange2.9.1-20
AND
alliedtelesisat-9924t
Node
alliedtelesisat-8848_firmwareRange2.9.1-20
AND
alliedtelesisat-8848
Node
alliedtelesisrapier_48i_firmwareRange2.9.1-20
AND
alliedtelesisrapier_48i
Node
alliedtelesiscentrecom_ar450s_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_ar450s
Node
alliedtelesisar745_firmwareRange2.9.1-20
AND
alliedtelesisar745Match-
Node
alliedtelesisar441s_firmwareRange2.9.1-20
AND
alliedtelesisar441sMatch-
Node
alliedtelesiscentrecom_9924sp_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_9924sp
Node
alliedtelesisswitchblade4000_firmwareRange2.9.1-20
AND
alliedtelesisswitchblade4000
Node
alliedtelesisat-8624poe_firmwareRange2.9.1-20
AND
alliedtelesisat-8624poe
Node
alliedtelesiscentrecom_9924t\/4sp_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_9924t\/4sp
Node
alliedtelesisat-9816gb_firmwareRange2.9.1-20
AND
alliedtelesisat-9816gb
Node
alliedtelesisat-9924ts_firmwareRange2.9.1-20
AND
alliedtelesisat-9924ts
Node
alliedtelesisar750s_firmwareRange2.9.1-20
AND
alliedtelesisar750sMatch-
Node
alliedtelesiscentrecom_ar570s_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_ar570s
Node
alliedtelesiscentrecom_8948xl_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_8948xl
Node
alliedtelesisat-8648t\/2sp_firmwareRange2.9.1-20
AND
alliedtelesisat-8648t\/2sp
Node
alliedtelesiscentrecom_8700sl_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_ar8700sl
Node
alliedtelesisar750s-dp_firmwareRange2.9.1-20
AND
alliedtelesisar750s-dpMatch-
Node
alliedtelesiscentrecom_ar550s_firmwareRange2.9.1-20
AND
alliedtelesiscentrecom_ar550s
Node
alliedtelesisat-8748xl_firmwareRange2.9.1-20
AND
alliedtelesisat-8748xl
Node
alliedtelesisar440s_firmwareRange2.9.1-20
AND
alliedtelesisar440sMatch-

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.0%

Related for CVE-2014-7249