RCE in Cisco Rvs4000
CVE-2014-0659
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and config…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.656 (98.5th percentile)
Affected products
- Cisco Rvs4000
- Cisco Rvs4000_firmware — versions 1.3.2.0, 1.3.3.5, 2.0.0.3
- Cisco Wap4410n
- Cisco Wap4410n_firmware — versions 2.0.2.1, 2.0.3.3, 2.0.4.2
- Cisco Wrvs4400n
- Cisco Wrvs4400n_firmware — versions 1.1.03, 1.1.13, 2.0.1.3
Weakness classification (CWE)
Public proof-of-concept exploits
References
- 56292 (x_refsource_SECUNIA, third-party-advisory)
- 20140110 Undocumented Test Interface in Cisco Small Business Devices (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- cisco-small-cve20140659-priv-esc(90233) (vdb-entry, x_refsource_XF)
- 64776 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- 1029580 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
- 1029579 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- psirt@cisco.com (Patch, x_refsource_MISC, Issue Tracking)
Frequently asked questions
- What is CVE-2014-0659?
  CVE-2014-0659 is a vulnerability in Cisco Rvs4000, classified under OS Command Injection. Published 2014-01-12.
- Is CVE-2014-0659 known to be exploited?
  2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.