CVE-2014-2178

{"id": "CVE-2014-2178", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-11-07T11:55:02.487", "references": [{"url": "http://packetstormsecurity.com/files/128992/Cisco-RV-Overwrite-CSRF-Command-Execution.html", "source": "ykramarz@cisco.com"}, {"url": "http://seclists.org/fulldisclosure/2014/Nov/6", "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv", "tags": ["Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/archive/1/533917/100/0/threaded", "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1031171", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98498", "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to hijack the authentication of administrators, aka Bug ID CSCuh87145."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en la interfaz web administrativa en el firmware del router Cisco RV en los dispositivos RV220W , anterior a 1.0.5.9 en los dispositivos RV120W, y anterior a 1.0.4.14 en los dispositivos RV180 y RV180W permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores, tambi\u00e9n conocido como Bug ID CSCuh87145."}], "lastModified": "2018-10-09T19:43:10.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B8EC15-EC05-49DD-9334-AEE5C396FEC1", "versionEndIncluding": "1.0.3.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9"}, {"criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D5EB99F-8672-4939-95E8-AEE242A4EB6E", "versionEndIncluding": "1.0.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAE232F2-B674-40E7-A96D-A1AC07CB84B7", "versionEndIncluding": "1.0.5.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}