{"id": "CVE-2014-7249", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-12-19T11:59:01.400", "references": [{"url": "http://jvn.jp/en/jp/JVN22440986/index.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN22440986/index.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000132", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request."}, {"lang": "es", "value": "Un desbordamiento de memoria en los Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i y SwitchBlade4000 con el firmware anterior a 2.9.1-21 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de peticiones HTTP POST manipulada."}], "lastModified": "2024-11-21T02:16:36.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_ar415s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6790CB5F-F5E2-4276-B3CA-7FA46878B569", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_ar415s:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C77F0C7-CE53-46E5-BB5D-5F947A6A8429"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-8624t\\/2m_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFD12D46-E5A2-46A3-BE9F-931E7DB4C210", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-8624t\\/2m:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECBDA7EA-09D6-4874-A9D1-0181AF97CC7F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:ar442s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7ACB87-0EAB-4A41-AA41-5913A99E213C", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:ar442s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12592CF4-C917-4270-9E58-8B530507327F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-9924t_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B11EA4A9-C569-4F50-8962-D0ECF6E3155F", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-9924t:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB289C3A-B506-41DE-98B3-EF1A221A282A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-8848_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E2663DA-B4E3-411E-85B1-B52579F29648", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-8848:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EFDC6607-91AD-46AC-810D-C7A7F214CEDA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:rapier_48i_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "099A272B-6803-49D5-91C9-D407FA768FC9", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:rapier_48i:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB3C344-E2F8-4B44-8DB3-9CDC440A7A3A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_ar450s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E913B84C-76AE-4977-8AA1-B4DF719D8D95", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_ar450s:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC7212C5-F3DA-4FD0-B5F0-A17B33890AFB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:ar745_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "160495A1-0720-4AF6-88A1-FC35C5590A90", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:ar745:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01A5F497-AD41-4B17-9512-E51C67BE5FA9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:ar441s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E41E7B4-3938-4462-814B-C0D2651300A9", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:ar441s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA421FDA-4ED3-4EA9-882C-D324378E2B4C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_9924sp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28FF1C34-4434-46AA-848B-99CA26AEEB9E", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_9924sp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "891B0B06-B1A7-4C74-8C36-9765167F0B5B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:switchblade4000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "845E30B2-E656-4A41-AB3A-08A626AF9C79", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:switchblade4000:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE5C3C0B-FCD2-4554-842C-9FFFC90FF27D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-8624poe_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9408776-E700-4C0B-90C4-B1D9196E51E6", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-8624poe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45866236-EA04-4874-81FA-C8DC0563A1B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_9924t\\/4sp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CB728D8-0DB3-4ED7-905C-C6A99DB7B59D", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_9924t\\/4sp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F6BDF0D-9BB7-47DA-991A-C87CC60C80B9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-9816gb_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "445007A4-FAAF-4CB0-B80F-57FE389E5C30", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-9816gb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC17B2B0-1795-4528-B997-DEAEF3BCCF0E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-9924ts_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97AE756A-FDC5-4F78-B5A2-1F0BA76336F4", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-9924ts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BB7E5CD-B66F-434B-83C1-F31ADB903186"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:ar750s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1EB5160-2D62-4AC6-8F36-429936A18546", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:ar750s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "435E4169-F025-4194-ACA2-FE2CCF6F2F4E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_ar570s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80AA0879-B180-4A28-A059-9C6F9E50A58F", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_ar570s:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01ECC037-75DD-452D-AAD1-5678E8D11845"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_8948xl_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "611FF70C-9A67-48F3-8D52-C70FBA02D83F", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_8948xl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E02ED13-C13C-4F06-A4BF-85C72A6B0F15"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-8648t\\/2sp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "965C6820-A8F7-4FBF-B2CF-BB075B1DF596", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-8648t\\/2sp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14124400-8FEF-4142-817A-540B2EB15BD5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_8700sl_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "424A4E44-B707-40E5-9343-30255693E218", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_ar8700sl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878A6AA2-4BEF-4BAC-9799-CE202DB47FBC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:ar750s-dp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDAC60F8-2E66-4F59-B29C-106C9239AB46", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:ar750s-dp:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F34FFA3-4CBA-4C3A-ABD0-DE3AB90FF70F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:centrecom_ar550s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AC86538-F3FE-4139-8A69-AABBE25B7EAC", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:centrecom_ar550s:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7353EADC-20ED-4F5C-ACC2-4201FFAF8CBB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:at-8748xl_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55C6251-2F67-47AA-AD07-7ADF6BE65817", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:at-8748xl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E859F2-79EC-4D79-B57D-252D2BE9CB4F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:alliedtelesis:ar440s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FBE91F0-47A0-4FE7-BFBD-55839DFC38EB", "versionEndIncluding": "2.9.1-20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:alliedtelesis:ar440s:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5619B8C4-40F4-44AF-BA6C-1E85A1272881"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "vultures@jpcert.or.jp"}