Lucene search

[email protected]NVD:CVE-2014-2177

HistoryNov 07, 2014 - 11:55 a.m.

CVE-2014-2177

2014-11-0711:55:02

CWE-94

[email protected]

web.nvd.nist.gov

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.

Affected configurations

NVD

Node

ciscorv120w_firmwareRange≤1.0.5.8

AND

ciscorv120wMatch-

Node

ciscorv220w_firmwareRange≤1.0.5.8

AND

ciscorv220wMatch-

Node

ciscorv180_firmwareRange≤1.0.3.10

AND

ciscorv180Match-

ciscorv180wMatch-

References

packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html

seclists.org/fulldisclosure/2014/Nov/6

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

www.securityfocus.com/archive/1/533917/100/0/threaded

www.securitytracker.com/id/1031171

exchange.xforce.ibmcloud.com/vulnerabilities/98497

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.1%

JSON

Related for NVD:CVE-2014-2177

cve1 cvelist1 prion1 securityvulns2 cisco1