Lucene search

PRIOn knowledge basePRION:CVE-2014-2177

HistoryNov 07, 2014 - 11:55 a.m.

Design/Logic Flaw

2014-11-0711:55:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCuh87126.

CPENameOperatorVersion
rv120w_firmwarele1.0.5.8
rv180_firmwarele1.0.3.10
rv220w_firmwarele1.0.5.8

Name	Operator	Version
rv120w_firmware	le	1.0.5.8
rv180_firmware	le	1.0.3.10
rv220w_firmware	le	1.0.5.8

References

packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html

seclists.org/fulldisclosure/2014/Nov/6

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

www.securityfocus.com/archive/1/533917/100/0/threaded

www.securitytracker.com/id/1031171

exchange.xforce.ibmcloud.com/vulnerabilities/98497

7.8 High

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for PRION:CVE-2014-2177