fkie_nvd - fkie_cve-2014-2179

fkie_cve-2014-2179

Vulnerability from fkie_nvd

Published

2014-11-07 11:55

Modified

2024-11-21 02:05

Severity ?

Summary

The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998.

References

URL	Tags
psirt@cisco.com	http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
psirt@cisco.com	http://seclists.org/fulldisclosure/2014/Nov/6
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv	Patch, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/archive/1/533917/100/0/threaded
psirt@cisco.com	http://www.securitytracker.com/id/1031171
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/98499
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Nov/6
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/533917/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031171
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/98499

Impacted products

Vendor	Product	Version
cisco	rv180_firmware	*
cisco	rv180	-
cisco	rv180w	-
cisco	rv120w_firmware	*
cisco	rv120w	-
cisco	rv220w_firmware	*
cisco	rv220w	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B8EC15-EC05-49DD-9334-AEE5C396FEC1",
              "versionEndIncluding": "1.0.3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE232F2-B674-40E7-A96D-A1AC07CB84B7",
              "versionEndIncluding": "1.0.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5EB99F-8672-4939-95E8-AEE242A4EB6E",
              "versionEndIncluding": "1.0.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a crafted HTTP request, aka Bug ID CSCuh86998."
    },
    {
      "lang": "es",
      "value": "El firmware del router Cisco RV en los dispositivos RV220W, anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a atacantes remotos subir ficheros a localizaciones arbitrarias a trav\u00e9s de una solicitud HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuh86998."
    }
  ],
  "id": "CVE-2014-2179",
  "lastModified": "2024-11-21T02:05:48.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-11-07T11:55:02.517",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1031171"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98499"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-2179

Vulnerability from cvelistv5

Published

2014-11-07 11:00

Modified

2024-08-06 10:05