Lucene search

PRIOn knowledge basePRION:CVE-2014-0683

HistoryMar 06, 2014 - 11:55 a.m.

Design/Logic Flaw

2014-03-0611:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.0%

JSON

The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.

CPENameOperatorVersion
cvr100w_firmwarele1.0.1.19
rv110w_firmwarele1.2.0.9
rv215w_firmwarele1.1.0.5

Name	Operator	Version
cvr100w_firmware	le	1.0.1.19
rv110w_firmware	le	1.2.0.9
rv215w_firmware	le	1.1.0.5

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd

www.exploit-db.com/exploits/45986/

7.3 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

77.0%

JSON

Related for PRION:CVE-2014-0683