Vulnerabilites related to cisco - rvs4000_software
cve-2011-1647
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/47985 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id?1025565 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47985"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "47985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47985"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47985"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1647",
"datePublished": "2011-05-31T20:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:37:24.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1645
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/47988 | vdb-entry, x_refsource_BID | |
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id?1025565 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "47988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1645",
"datePublished": "2011-05-31T20:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:37:24.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1646
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:37
Severity ?
EPSS score ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id?1025565 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1646",
"datePublished": "2011-05-31T20:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:37:24.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2024-11-21 01:26
Severity ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000 | 1 | |
| cisco | rvs4000 | 2 | |
| cisco | rvs4000_software | 1.3.0.5 | |
| cisco | rvs4000_software | 1.3.1.0 | |
| cisco | rvs4000_software | 1.3.2.0 | |
| cisco | rvs4000_software | 2.0.0.3 | |
| cisco | wrvs4400n | 1.0 | |
| cisco | wrvs4400n | 1.1 | |
| cisco | wrvs4400n | 2 | |
| cisco | wrvs4400n_software | 1.3.0.5 | |
| cisco | wrvs4400n_software | 1.3.1.0 | |
| cisco | wrvs4400n_software | 1.3.2.0 | |
| cisco | wrvs4400n_software | 2.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEB65FB-54C5-4574-9208-F3E3EE823B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7E4042-1F62-4DF7-A624-2F492F792937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5363CFAF-439E-488C-9E97-BE04D80A4F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "096FB511-0E5D-46B6-827B-EAB242E015EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567C5658-57F0-4BBA-9849-9A77504102FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2596081A-DFA3-4006-9B7C-EE3A29ED0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4BF4B-0360-4A3B-8843-1D5E84CA948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01433D-F43E-4574-BC04-1F0C060BBFC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C11E2E-B910-45EC-A8FA-6BAAFFD26ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C754BA1B-7DEC-49F4-835F-1EDA9289E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0606AC-B349-411A-8D45-213A60FCFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CE7344-400B-4E2F-B9DF-C2B0BB74B080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB82F7E-A77E-400A-B894-3207026826C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."
},
{
"lang": "es",
"value": "El interfaz de administraci\u00f3n web de Cisco RVS4000 Gigabit Security Router con software 1.x anteriores a 1.3.3.4 y 2.x anteriores a 2.0.2.7, y de WRVS4400N Gigabit Security Router con software anterior a la versi\u00f3n 2.0.2.1 permite a atacantes remotos leer la clave privada del certificado SSL admin a trav\u00e9s de vectores sin especificar. Tambi\u00e9n conocido como Bug ID CSCtn23871."
}
],
"id": "CVE-2011-1647",
"lastModified": "2024-11-21T01:26:43.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-31T20:55:02.827",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/47985"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025565"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2024-11-21 01:26
Severity ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000 | 1 | |
| cisco | rvs4000 | 2 | |
| cisco | rvs4000_software | 1.3.0.5 | |
| cisco | rvs4000_software | 1.3.1.0 | |
| cisco | rvs4000_software | 1.3.2.0 | |
| cisco | rvs4000_software | 2.0.0.3 | |
| cisco | wrvs4400n | 1.0 | |
| cisco | wrvs4400n | 1.1 | |
| cisco | wrvs4400n | 2 | |
| cisco | wrvs4400n_software | 1.3.0.5 | |
| cisco | wrvs4400n_software | 1.3.1.0 | |
| cisco | wrvs4400n_software | 1.3.2.0 | |
| cisco | wrvs4400n_software | 2.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEB65FB-54C5-4574-9208-F3E3EE823B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7E4042-1F62-4DF7-A624-2F492F792937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5363CFAF-439E-488C-9E97-BE04D80A4F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "096FB511-0E5D-46B6-827B-EAB242E015EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567C5658-57F0-4BBA-9849-9A77504102FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2596081A-DFA3-4006-9B7C-EE3A29ED0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4BF4B-0360-4A3B-8843-1D5E84CA948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01433D-F43E-4574-BC04-1F0C060BBFC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C11E2E-B910-45EC-A8FA-6BAAFFD26ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C754BA1B-7DEC-49F4-835F-1EDA9289E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0606AC-B349-411A-8D45-213A60FCFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CE7344-400B-4E2F-B9DF-C2B0BB74B080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB82F7E-A77E-400A-B894-3207026826C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
},
{
"lang": "es",
"value": "El interfaz de administraci\u00f3n web de Cisco RVS4000 Gigabit Security Router con software 1.x anteriores a 1.3.3.4 y 2.x anteriores a 2.0.2.7, y de WRVS4400N Gigabit Security Router con software anterior a la versi\u00f3n 2.0.2.1, permite a atacantes remotos leer el archivo de configuraci\u00f3n del backup, y por consiguiente ejecutar c\u00f3digo arbitrario, a trav\u00e9s de vectores sin especificar. Tambi\u00e9n conocido como Bug ID CSCtn23871."
}
],
"id": "CVE-2011-1645",
"lastModified": "2024-11-21T01:26:42.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-31T20:55:02.750",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025565"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2024-11-21 01:26
Severity ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000 | 1 | |
| cisco | rvs4000 | 2 | |
| cisco | rvs4000_software | 1.3.0.5 | |
| cisco | rvs4000_software | 1.3.1.0 | |
| cisco | rvs4000_software | 1.3.2.0 | |
| cisco | rvs4000_software | 2.0.0.3 | |
| cisco | wrvs4400n | 1.0 | |
| cisco | wrvs4400n | 1.1 | |
| cisco | wrvs4400n | 2 | |
| cisco | wrvs4400n_software | 1.3.0.5 | |
| cisco | wrvs4400n_software | 1.3.1.0 | |
| cisco | wrvs4400n_software | 1.3.2.0 | |
| cisco | wrvs4400n_software | 2.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEB65FB-54C5-4574-9208-F3E3EE823B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7E4042-1F62-4DF7-A624-2F492F792937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5363CFAF-439E-488C-9E97-BE04D80A4F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "096FB511-0E5D-46B6-827B-EAB242E015EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567C5658-57F0-4BBA-9849-9A77504102FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2596081A-DFA3-4006-9B7C-EE3A29ED0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4BF4B-0360-4A3B-8843-1D5E84CA948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01433D-F43E-4574-BC04-1F0C060BBFC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C11E2E-B910-45EC-A8FA-6BAAFFD26ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C754BA1B-7DEC-49F4-835F-1EDA9289E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0606AC-B349-411A-8D45-213A60FCFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CE7344-400B-4E2F-B9DF-C2B0BB74B080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB82F7E-A77E-400A-B894-3207026826C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
},
{
"lang": "es",
"value": "El interfaz de administraci\u00f3n web de Cisco RVS4000 Gigabit Security Router con software 1.x anteriores a 1.3.3.4 y 2.x anteriores a 2.0.2.7, y de WRVS4400N Gigabit Security Router con software anterior a la versi\u00f3n 2.0.2.1, permite a atacantes remotos autenticados ejecutar comandos de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro ping test o (2) el par\u00e1metro traceroute test. Tambi\u00e9n conocido como Bug ID CSCtn23871."
}
],
"id": "CVE-2011-1646",
"lastModified": "2024-11-21T01:26:42.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-31T20:55:02.780",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025565"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}