cve-2014-0659
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 09:20
Severity ?
Summary
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
References
psirt@cisco.comhttp://secunia.com/advisories/56292
psirt@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbdVendor Advisory
psirt@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=32381Vendor Advisory
psirt@cisco.comhttp://www.securityfocus.com/bid/64776Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1029579Third Party Advisory, VDB Entry
psirt@cisco.comhttp://www.securitytracker.com/id/1029580Third Party Advisory, VDB Entry
psirt@cisco.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/90233
psirt@cisco.comhttps://github.com/elvanderb/TCP-32764Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/56292
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbdVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=32381Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64776Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029579Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029580Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/90233
af854a3a-2127-422b-91ae-364da2661108https://github.com/elvanderb/TCP-32764Issue Tracking, Patch
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T09:20:19.839Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "56292",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/56292",
               },
               {
                  name: "20140110 Undocumented Test Interface in Cisco Small Business Devices",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_CISCO",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd",
               },
               {
                  name: "cisco-small-cve20140659-priv-esc(90233)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233",
               },
               {
                  name: "64776",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/64776",
               },
               {
                  name: "1029580",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029580",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381",
               },
               {
                  name: "1029579",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029579",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/elvanderb/TCP-32764",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-01-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "56292",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/56292",
            },
            {
               name: "20140110 Undocumented Test Interface in Cisco Small Business Devices",
               tags: [
                  "vendor-advisory",
                  "x_refsource_CISCO",
               ],
               url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd",
            },
            {
               name: "cisco-small-cve20140659-priv-esc(90233)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233",
            },
            {
               name: "64776",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/64776",
            },
            {
               name: "1029580",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029580",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381",
            },
            {
               name: "1029579",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029579",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/elvanderb/TCP-32764",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2014-0659",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "56292",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/56292",
                  },
                  {
                     name: "20140110 Undocumented Test Interface in Cisco Small Business Devices",
                     refsource: "CISCO",
                     url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd",
                  },
                  {
                     name: "cisco-small-cve20140659-priv-esc(90233)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233",
                  },
                  {
                     name: "64776",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/64776",
                  },
                  {
                     name: "1029580",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029580",
                  },
                  {
                     name: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381",
                     refsource: "CONFIRM",
                     url: "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381",
                  },
                  {
                     name: "1029579",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029579",
                  },
                  {
                     name: "https://github.com/elvanderb/TCP-32764",
                     refsource: "MISC",
                     url: "https://github.com/elvanderb/TCP-32764",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2014-0659",
      datePublished: "2014-01-12T15:00:00",
      dateReserved: "2014-01-02T00:00:00",
      dateUpdated: "2024-08-06T09:20:19.839Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2014-0659\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2014-01-12T18:34:55.957\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.\"},{\"lang\":\"es\",\"value\":\"El punto de acceso Cisco WAP4410N con firmware hasta 2.0.6.1, router WRVS4400N con firmware 1.x hasta 1.1.13 y 2.x hasta 2.0.21, y router RVS4000 con firmware hasta 2.0.3.2 permite a atacantes remotos leer información de credenciales y configuración, y ejecutar comandos de forma arbitraria, a través de peticiones al interface test en el puerto TCP 32764, tambien conocido como Bug IDs CSCum37566, CSCum43693, CSCum43700, y CSCum43685.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.3.2\",\"matchCriteriaId\":\"930991E4-6DDC-41FD-84AE-AB8C66919A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rvs4000_firmware:1.3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8FCC1E8-9363-406F-9A46-AEC7A7410C61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rvs4000_firmware:1.3.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F33610B9-6D34-47B7-A4B3-03CA0573394C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rvs4000_firmware:2.0.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6A6F859-70C6-4FAC-899F-FD0547CC3C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rvs4000_firmware:2.0.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F5B209A-8490-4B8D-B058-A1219DCF536B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC30BCF7-FA1A-44B3-8C58-17DFA939E7C7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85B35695-9316-4FF9-B5B5-77A11B89ABC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BCAFAC5-CD3D-4329-B004-0E1983256FBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0FBF91E-A972-47A2-9B14-C20170CE9B59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77C2AC61-F086-41FE-8ABC-8D18C089AC28\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC842A29-7A55-4474-B5AD-A6813FE16A7D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0.6.1\",\"matchCriteriaId\":\"40ED8DCA-1EC7-4AE9-9004-B17212EFCF76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap4410n_firmware:2.0.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98469AA4-E146-40F0-B540-C61918BCDE62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap4410n_firmware:2.0.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0224CF2-BBAA-48A8-8B89-BBA50F12EF2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wap4410n_firmware:2.0.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74C59A02-869E-4527-AA44-84E8B71A9EBC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF89AC2-2A85-463C-A644-B3FA31A470FA\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/56292\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=32381\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/64776\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029579\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029580\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90233\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://github.com/elvanderb/TCP-32764\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://secunia.com/advisories/56292\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=32381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/64776\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029579\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029580\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90233\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/elvanderb/TCP-32764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.