CVE-2011-1647

The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml	Vendor Advisory
http://www.securityfocus.com/bid/47985
http://www.securitytracker.com/id?1025565

Advertisement

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:h:cisco:rvs4000:1:::::::*
	cpe:2.3:h:cisco:rvs4000:2:::::::*

OR	cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:::::::*
	cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:::::::*
	cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:::::::*
	cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:h:cisco:wrvs4400n:1.0:::::::*
	cpe:2.3:h:cisco:wrvs4400n:1.1:::::::*
	cpe:2.3:h:cisco:wrvs4400n:2:::::::*

OR	cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:::::::*
	cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:::::::*
	cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:::::::*
	cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:::::::*

Information

Published : 2011-05-31 13:55

Updated : 2011-09-06 20:16

NVD link : CVE-2011-1647

Mitre link : CVE-2011-1647

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

Products Affected

cisco

wrvs4400n_software
rvs4000
wrvs4400n
rvs4000_software

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml", "name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/47985", "name": "47985", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1025565", "name": "1025565", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-1647", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-05-31T20:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-09-07T03:16Z"}