cvelistv5 - cve-2014-2178

CVE-2014-2178 (GCVE-0-2014-2178)

Vulnerability from cvelistv5 – Published: 2014-11-07 11:00 – Updated: 2024-08-06 10:05

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://packetstormsecurity.com/files/128992/Cisco…	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://seclists.org/fulldisclosure/2014/Nov/6	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/533917/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id/1031171	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:05:59.718Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
          },
          {
            "name": "cisco-cve20142178-csrf(98498)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "name": "1031171",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1031171"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
        },
        {
          "name": "cisco-cve20142178-csrf(98498)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
        },
        {
          "name": "20141106 Cisco RV Series multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
        },
        {
          "name": "20141106 Cisco RV Series multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
        },
        {
          "name": "1031171",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1031171"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2178",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "cisco-cve20142178-csrf(98498)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            },
            {
              "name": "1031171",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1031171"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-2178",
    "datePublished": "2014-11-07T11:00:00",
    "dateReserved": "2014-02-25T00:00:00",
    "dateUpdated": "2024-08-06T10:05:59.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.3.10\", \"matchCriteriaId\": \"66B8EC15-EC05-49DD-9334-AEE5C396FEC1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8BD67F3-98CE-4B03-8980-6791B753FDC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5.8\", \"matchCriteriaId\": \"6D5EB99F-8672-4939-95E8-AEE242A4EB6E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8620DFD9-E280-464E-91FF-2E901EDD49C0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5.8\", \"matchCriteriaId\": \"CAE232F2-B674-40E7-A96D-A1AC07CB84B7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40465CA8-BE8B-4F15-8578-D8972C241D84\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de CSRF en la interfaz web administrativa en el firmware del router Cisco RV en los dispositivos RV220W , anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a atacantes remotos secuestrar la autenticaci\\u00f3n de administradores, tambi\\u00e9n conocido como Bug ID CSCuh87145.\"}]",
      "id": "CVE-2014-2178",
      "lastModified": "2024-11-21T02:05:48.050",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-11-07T11:55:02.487",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Nov/6\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/533917/100/0/threaded\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1031171\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/98498\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2014/Nov/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/533917/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1031171\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/98498\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-2178\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-11-07T11:55:02.487\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de CSRF en la interfaz web administrativa en el firmware del router Cisco RV en los dispositivos RV220W , anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores, tambi\u00e9n conocido como Bug ID CSCuh87145.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.3.10\",\"matchCriteriaId\":\"66B8EC15-EC05-49DD-9334-AEE5C396FEC1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8BD67F3-98CE-4B03-8980-6791B753FDC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5.8\",\"matchCriteriaId\":\"6D5EB99F-8672-4939-95E8-AEE242A4EB6E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8620DFD9-E280-464E-91FF-2E901EDD49C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5.8\",\"matchCriteriaId\":\"CAE232F2-B674-40E7-A96D-A1AC07CB84B7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40465CA8-BE8B-4F15-8578-D8972C241D84\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Nov/6\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/533917/100/0/threaded\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1031171\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/98498\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2014/Nov/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/533917/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1031171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/98498\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2014-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco Small Business RV Series Routers. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Small Business	Cisco RV180 VPN Router avec un firmware antérieur au 1.0.4.14
Cisco	Small Business	Cisco RV120W Wireless-N VPN Firewall avec un firmware antérieur au 1.0.5.9
Cisco	Small Business	Cisco RV220W Wireless Network Security Firewall
Cisco	Small Business	Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware antérieur au 1.0.4.14

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 05 novembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco RV180 VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV120W Wireless-N VPN Firewall avec un firmware ant\u00e9rieur au 1.0.5.9",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV220W Wireless Network Security Firewall",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2178"
    },
    {
      "name": "CVE-2014-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2177"
    },
    {
      "name": "CVE-2014-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2179"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco Small Business RV Series\nRouters\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Small Business RV Series Routers",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 05 novembre 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    }
  ]
}

CERTFR-2014-AVI-461

Vulnerability from certfr_avis - Published: - Updated:

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Small Business	Cisco RV180 VPN Router avec un firmware antérieur au 1.0.4.14
Cisco	Small Business	Cisco RV120W Wireless-N VPN Firewall avec un firmware antérieur au 1.0.5.9
Cisco	Small Business	Cisco RV220W Wireless Network Security Firewall
Cisco	Small Business	Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware antérieur au 1.0.4.14

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco du 05 novembre 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco RV180 VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV120W Wireless-N VPN Firewall avec un firmware ant\u00e9rieur au 1.0.5.9",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV220W Wireless Network Security Firewall",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco RV180W Wireless-N Multifunction VPN Router avec un firmware ant\u00e9rieur au 1.0.4.14",
      "product": {
        "name": "Small Business",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2178"
    },
    {
      "name": "CVE-2014-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2177"
    },
    {
      "name": "CVE-2014-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2179"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-461",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco Small Business RV Series\nRouters\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Cisco Small Business RV Series Routers",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 05 novembre 2014",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    }
  ]
}

GHSA-X77R-9J3C-W6WJ

Vulnerability from github – Published: 2022-05-14 02:53 – Updated: 2022-05-14 02:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-2178"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-11-07T11:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.",
  "id": "GHSA-x77r-9j3c-w6wj",
  "modified": "2022-05-14T02:53:29Z",
  "published": "2022-05-14T02:53:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2178"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1031171"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-201411-0401

Vulnerability from variot - Updated: 2023-12-18 12:21

Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. Vendors have confirmed this vulnerability Bug ID CSCuh87145 It is released as.A third party could hijack the administrator's authentication. The Cisco RV router firmware is the Cisco RV180 Series VPN Router firmware. An attacker could exploit this vulnerability to hijack an administrator's authentication information. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user's session and gain unauthorized access to the affected device. This issue is being tracked by Cisco Bug IDs CSCuh87145. are all products of Cisco (Cisco).

Details

https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html

References

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177 [2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178 [3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179 [4] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0401",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "rv220w wireless network security firewall",
        "scope": null,
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv120w",
        "scope": "eq",
        "trust": 1.2,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv180",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.3.10"
      },
      {
        "model": "rv220w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv220w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv120w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180w",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv120w",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv120w wireless-n vpn firewall",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv120w wireless-n vpn firewall",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.0.5.9"
      },
      {
        "model": "rv180 vpn router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180 vpn router",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.0.4.14"
      },
      {
        "model": "rv180w wireless-n multifunction vpn router",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "rv180",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "\u003c=1.0.3.10"
      },
      {
        "model": "rv220w",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "\u003c=1.0.5.8"
      },
      {
        "model": "rv220w",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.0.5.8"
      },
      {
        "model": "rv180",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.0.3.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.3.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yorick Koster of Securify.",
    "sources": [
      {
        "db": "BID",
        "id": "70922"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2178",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-2178",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-08200",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-70117",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-2178",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-08200",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201411-100",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70117",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145. Vendors have confirmed this vulnerability Bug ID CSCuh87145 It is released as.A third party could hijack the administrator\u0027s authentication. The Cisco RV router firmware is the Cisco RV180 Series VPN Router firmware. An attacker could exploit this vulnerability to hijack an administrator\u0027s authentication information. \nExploiting this issue may allow a remote attacker to perform  certain actions in the context of an authorized user\u0027s session and gain unauthorized access to the affected device. \nThis issue is being tracked by Cisco Bug IDs CSCuh87145. are all products of Cisco (Cisco). \n\n------------------------------------------------------------------------\nDetails\n------------------------------------------------------------------------\nhttps://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html\n\n------------------------------------------------------------------------\nReferences\n------------------------------------------------------------------------\n[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177\n[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178\n[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179\n[4]\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv \n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "BID",
        "id": "70922"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2178",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "128992",
        "trust": 1.2
      },
      {
        "db": "SECTRACK",
        "id": "1031171",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "70922",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "db": "BID",
        "id": "70922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "id": "VAR-201411-0401",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      }
    ],
    "trust": 1.32253884
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:21:07.735000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20141105-rv",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
      },
      {
        "title": "36241",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36241"
      },
      {
        "title": "Patch for Cisco RV router firmware cross-site request forgery vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/51779"
      },
      {
        "title": "RV120W-Firmware-1.0.5.9",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54615"
      },
      {
        "title": "RV180W-Firmware-1.0.4.14",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54617"
      },
      {
        "title": "RV180-Firmware-1.0.4.14",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=54616"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20141105-rv"
      },
      {
        "trust": 1.5,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2178"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://seclists.org/fulldisclosure/2014/nov/6"
      },
      {
        "trust": 1.1,
        "url": "http://packetstormsecurity.com/files/128992/cisco-rv-overwrite-csrf-command-execution.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031171"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2178"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2177"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2177"
      },
      {
        "trust": 0.1,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2179"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2179"
      },
      {
        "trust": 0.1,
        "url": "https://www.securify.nl/advisory/sfy20130601/cisco_rv_series_multiple_vulnerabilities.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-2178"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "db": "BID",
        "id": "70922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "db": "BID",
        "id": "70922"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "date": "2014-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "date": "2014-11-05T00:00:00",
        "db": "BID",
        "id": "70922"
      },
      {
        "date": "2014-11-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "date": "2014-11-06T12:02:22",
        "db": "PACKETSTORM",
        "id": "128992"
      },
      {
        "date": "2014-11-07T11:55:02.487000",
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "date": "2014-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-08200"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70117"
      },
      {
        "date": "2014-11-24T02:58:00",
        "db": "BID",
        "id": "70922"
      },
      {
        "date": "2015-12-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      },
      {
        "date": "2018-10-09T19:43:10.127000",
        "db": "NVD",
        "id": "CVE-2014-2178"
      },
      {
        "date": "2014-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco RV Router Firmware management  Web Cross-site request forgery vulnerability in the interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005295"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201411-100"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2014-2178

Vulnerability from fkie_nvd - Published: 2014-11-07 11:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
psirt@cisco.com	http://seclists.org/fulldisclosure/2014/Nov/6
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv	Patch, Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/archive/1/533917/100/0/threaded
psirt@cisco.com	http://www.securitytracker.com/id/1031171
psirt@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/98498
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2014/Nov/6
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/533917/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1031171
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/98498

Impacted products

Vendor	Product	Version
cisco	rv180_firmware	*
cisco	rv180	-
cisco	rv180w	-
cisco	rv220w_firmware	*
cisco	rv220w	-
cisco	rv120w_firmware	*
cisco	rv120w	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B8EC15-EC05-49DD-9334-AEE5C396FEC1",
              "versionEndIncluding": "1.0.3.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5EB99F-8672-4939-95E8-AEE242A4EB6E",
              "versionEndIncluding": "1.0.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAE232F2-B674-40E7-A96D-A1AC07CB84B7",
              "versionEndIncluding": "1.0.5.8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en la interfaz web administrativa en el firmware del router Cisco RV en los dispositivos RV220W , anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores, tambi\u00e9n conocido como Bug ID CSCuh87145."
    }
  ],
  "id": "CVE-2014-2178",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-11-07T11:55:02.487",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1031171"
    },
    {
      "source": "psirt@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1031171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2014-2178

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-2178

Aliases

CVE-2014-2178

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-2178",
    "description": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.",
    "id": "GSD-2014-2178"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-2178"
      ],
      "details": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145.",
      "id": "GSD-2014-2178",
      "modified": "2023-12-13T01:22:46.316745Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-2178",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
          },
          {
            "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
          },
          {
            "name": "cisco-cve20142178-csrf(98498)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
          },
          {
            "name": "20141106 Cisco RV Series multiple vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
          },
          {
            "name": "1031171",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1031171"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.3.10",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.5.8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-2178"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20141105 Multiple Vulnerabilities in Cisco Small Business RV Series Routers",
              "refsource": "CISCO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2014/Nov/6"
            },
            {
              "name": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html"
            },
            {
              "name": "1031171",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1031171"
            },
            {
              "name": "cisco-cve20142178-csrf(98498)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498"
            },
            {
              "name": "20141106 Cisco RV Series multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-09T19:43Z",
      "publishedDate": "2014-11-07T11:55Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-2178 (GCVE-0-2014-2178)

CERTFR-2014-AVI-461

Contournement provisoire

CERTFR-2014-AVI-461

Contournement provisoire

GHSA-X77R-9J3C-W6WJ

VAR-201411-0401

Details

References

FKIE_CVE-2014-2178

GSD-2014-2178

Tags

Sightings

Nomenclature