CVE-2014-4863

The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/855836	US Government Resource
https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863	Exploit
http://www.kb.cert.org/vuls/id/855836	US Government Resource
https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863	Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:arris:touchstone_dg950a_software:7.10.131:*:*:*:*:*:*:*

cpe:2.3:h:arris:touchstone_dg950a:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:11

Type	Values Removed	Values Added
References	~~() http://www.kb.cert.org/vuls/id/855836 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/855836 - US Government Resource
References	~~() https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863 - Exploit~~	() https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863 - Exploit

Information

Published : 2014-09-05 17:55

Updated : 2024-11-21 02:11

NVD link : CVE-2014-4863

Mitre link : CVE-2014-4863

CVE.ORG link : CVE-2014-4863

JSON object : View

Products Affected

arris

touchstone_dg950a
touchstone_dg950a_software

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-4863", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-05T17:55:06.953", "references": [{"url": "http://www.kb.cert.org/vuls/id/855836", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863", "tags": ["Exploit"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/855836", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request."}, {"lang": "es", "value": "El m\u00f3dem de cable Arris Touchstone DG950A con software 7.10.131 tiene una comunidad de p\u00fablico SNMP, lo que permite a atacantes remotos obtener informaci\u00f3n sensible de contrase\u00f1as, claves y SSID a trav\u00e9s de una solicitud SNMP."}], "lastModified": "2024-11-21T02:11:00.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arris:touchstone_dg950a_software:7.10.131:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8061809A-7A66-42F3-9F97-E88CD1899503"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:arris:touchstone_dg950a:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87D432A2-CC59-424B-A036-41D425379254"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cret@cert.org"}