Vulnerabilities > CVE-2014-0683 - Credentials Management vulnerability in Cisco products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

cisco

CWE-255

critical

exploit available

NVD

Published: 2014-03-06

Updated: 2018-12-15

Summary

The web management interface on the Cisco RV110W firewall with firmware 1.2.0.9 and earlier, RV215W router with firmware 1.1.0.5 and earlier, and CVR100W router with firmware 1.0.1.19 and earlier does not prevent replaying of modified authentication requests, which allows remote attackers to obtain administrative access by leveraging the ability to intercept requests, aka Bug IDs CSCul94527, CSCum86264, and CSCum86275.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Rv110W Firmware 1.1.0.9 Cisco Rv215W Firmware * Cisco Cvr100W Firmware *	3
Hardware	Cisco Cisco Rv110W - Cisco Rv215W - Cisco Cvr100W -	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Exploit-Db

file	exploits/hardware/remote/45986.py
id	EDB-ID:45986
last seen	2018-12-16
modified	2018-12-14
platform	hardware
port	443
published	2018-12-14
reporter	Exploit-DB
source	https://www.exploit-db.com/download/45986
title	Cisco RV110W - Password Disclosure / Command Execution
type	remote

Packetstorm

data source	https://packetstormsecurity.com/files/download/150781/ciscorv110w-discloseexec.txt
id	PACKETSTORM:150781
last seen	2018-12-25
published	2018-12-14
reporter	RySh
source	https://packetstormsecurity.com/files/150781/Cisco-RV110W-Password-Disclosure-Command-Execution.html
title	Cisco RV110W Password Disclosure / Command Execution

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Packetstorm

References