Vulnerability CVE-2014-0683


Published: 2014-03-06

Description:
The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.

See advisories in our WLB2 database:
Topic: CISCO RV110W RV215W CVR100W Bypass Login Page (High)
Author: Gustavo Speranza
Date: 05.03.2014

Type: CWE-255 (Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software
Cisco -> Cvr100w 
Cisco -> Rv110w 
Cisco -> Rv215w 
Cisco -> Cvr100w firmware 
Cisco -> Rv110w firmware 
Cisco -> Rv215w firmware 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd
https://www.exploit-db.com/exploits/45986/

Copyright 2024, cxsecurity.com

 
