PT-2014-3754 · Cisco · Cisco Rvs4000+2
Andreas Fett
+20
Published: 2014-01-12
Updated: 2017-08-29
CVE-2014-0659
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco WAP4410N access point versions 2.0.6.1 and earlier
Cisco WRVS4400N router versions 1.1.13 and earlier, versions 2.0.2.1 and earlier
Cisco RVS4000 router versions 2.0.3.2 and earlier
Description
The issue allows remote attackers to read credential and configuration data and execute arbitrary commands via requests to the test interface on TCP port 32764.
Recommendations
For Cisco WAP4410N access point versions 2.0.6.1 and earlier, update the firmware to a version later than 2.0.6.1.
For Cisco WRVS4400N router versions 1.1.13 and earlier, update the firmware to a version later than 1.1.13.
For Cisco WRVS4400N router versions 2.0.2.1 and earlier, update the firmware to a version later than 2.0.2.1.
For Cisco RVS4000 router versions 2.0.3.2 and earlier, update the firmware to a version later than 2.0.3.2.
As a temporary workaround, consider restricting access to the test interface on TCP port 32764 until a patch is available.
OS Command Injection
Weakness Enumeration
Related identifiers
Affected products
Cisco Rvs4000
Cisco Wap4410N
Cisco Wrvs4400N