CVE-2014-0659: OS Command Injection
First published: Sun Jan 12 2014(Updated: )
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco RVS4000 | <=2.0.3.2 | |
| Cisco RVS4000 | =1.3.2.0 | |
| Cisco RVS4000 | =1.3.3.5 | |
| Cisco RVS4000 | =2.0.0.3 | |
| Cisco RVS4000 | =2.0.2.7 | |
| Cisco RVS4000 Firmware | ||
| Cisco WRVS4400N | =1.1.03 | |
| Cisco WRVS4400N | =1.1.13 | |
| Cisco WRVS4400N | =2.0.1.3 | |
| Cisco WRVS4400N | =2.0.2.1 | |
| Cisco WRVS4400N Wireless-N Gigabit Security Router | ||
| Cisco WAP4410N Firmware | <=2.0.6.1 | |
| Cisco WAP4410N Firmware | =2.0.2.1 | |
| Cisco WAP4410N Firmware | =2.0.3.3 | |
| Cisco WAP4410N Firmware | =2.0.4.2 | |
| Cisco WAP4410N Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/56292
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32381
- http://www.securityfocus.com/bid/64776
- http://www.securitytracker.com/id/1029579
- http://www.securitytracker.com/id/1029580
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90233
- https://github.com/elvanderb/TCP-32764
Frequently Asked Questions
What is the severity of CVE-2014-0659?
CVE-2014-0659 has a high CVSS score due to its potential for unauthorized access to sensitive configuration and credential data.
How do I fix CVE-2014-0659?
To fix CVE-2014-0659, update the firmware of the affected Cisco devices to the latest available version.
Which Cisco devices are affected by CVE-2014-0659?
CVE-2014-0659 affects the Cisco WAP4410N, WRVS4400N, and RVS4000 devices with specific firmware versions.
Can CVE-2014-0659 be exploited remotely?
Yes, CVE-2014-0659 can be exploited remotely, allowing attackers to read credentials and execute commands without physical access.
What type of vulnerabilities does CVE-2014-0659 represent?
CVE-2014-0659 represents a number of vulnerabilities that involve improper input validation and lack of authentication for sensitive operations.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco rvs4000
- version/cisco rvs4000/2.0.3.2
- version/cisco rvs4000/1.3.2.0
- version/cisco rvs4000/1.3.3.5
- version/cisco rvs4000/2.0.0.3
- version/cisco rvs4000/2.0.2.7
- canonical/cisco rvs4000 firmware
- canonical/cisco wrvs4400n
- version/cisco wrvs4400n/1.1.03
- version/cisco wrvs4400n/1.1.13
- version/cisco wrvs4400n/2.0.1.3
- version/cisco wrvs4400n/2.0.2.1
- canonical/cisco wrvs4400n wireless-n gigabit security router
- canonical/cisco wap4410n firmware
- version/cisco wap4410n firmware/2.0.6.1
- version/cisco wap4410n firmware/2.0.2.1
- version/cisco wap4410n firmware/2.0.3.3
- version/cisco wap4410n firmware/2.0.4.2