Executive Summary
Summary | |
---|---|
Title | Undocumented Test Interface in Cisco Small Business Devices |
Informations | |||
---|---|---|---|
Name | cisco-sa-20140110-sbd | First vendor Publication | 2014-01-10 |
Vendor | Cisco | Last vendor Modification | 2014-01-10 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlLQN78ACgkQUddfH3/BbTqu+wD/eWfAdt6H8ltKyHE4DT8SkTPM j08MEAnhmkmuHjXSuwEA/0VbbYIOr1mqoOJEUbF3aFw7Veacwgk555uevEeC1/9b =V3bU END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Hardware | 1 | |
Hardware | 1 | |
Hardware | 1 | |
Os | 5 | |
Os | 4 | |
Os | 4 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-05-23 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46124-community - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-01 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46124 - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-23 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46123-community - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-01 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46123 - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-23 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46122-community - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-01 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46122 - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-23 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46121-community - Revision : 3 - Type : PROTOCOL-OTHER |
2018-05-01 | use of undocumented ScMM test interface in Cisco small business devices detected RuleID : 46121 - Revision : 3 - Type : PROTOCOL-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-01-06 | Name : The remote device contains a backdoor. File : scmm_backdoor.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:13 |
|
2014-01-13 21:24:37 |
|
2014-01-10 21:20:24 |
|