PT-2014-3754 · Cisco · Cisco Rvs4000+2
Andreas Fett
Published 2014-01-12 · Updated 2017-08-29 · CVE-2014-0659
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Cisco WAP4410N access point versions 2.0.6.1 and earlier
Cisco WRVS4400N router versions 1.1.13 and earlier, versions 2.0.2.1 and earlier
Cisco RVS4000 router versions 2.0.3.2 and earlier
Description
The issue allows remote attackers to read credential and configuration data and execute arbitrary commands via requests to the test interface on TCP port 32764.
Recommendations
For Cisco WAP4410N access point versions 2.0.6.1 and earlier, update the firmware to a version later than 2.0.6.1.
For Cisco WRVS4400N router versions 1.1.13 and earlier, update the firmware to a version later than 1.1.13.
For Cisco WRVS4400N router versions 2.0.2.1 and earlier, update the firmware to a version later than 2.0.2.1.
For Cisco RVS4000 router versions 2.0.3.2 and earlier, update the firmware to a version later than 2.0.3.2.
As a temporary workaround, consider restricting access to the test interface on TCP port 32764 until a patch is available.
Exploit
Fix
OS Command Injection
Affected Products
Cisco Rvs4000
Cisco Wap4410N
Cisco Wrvs4400N