CVE-2014-9984
Cisco Device Hardcoded Credentials / GNU glibc / BusyBox
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.
nscd en la biblioteca C de GNU (también conocido como glibc o libc6), versiones anteriores a la 2.20 ,no calcula correctamente el tamaño de un buffer interno al procesar solicitudes netgroup, posibilitando la caída del demonio nscd o permitiendo la ejecución de código como usuario que ejecuta nscd.
Many Cisco devices such as Cisco RV340, Cisco RV340W, Cisco RV345, Cisco RV345P, Cisco RV260, Cisco RV260P, Cisco RV260W, Cisco 160, and Cisco 160W suffer from having hard-coded credentials, known GNU glibc, known BusyBox, and IoT Inspector identified vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-12 CVE Reserved
- 2017-06-12 CVE Published
- 2023-11-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html | X_refsource_misc | |
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html | X_refsource_misc | |
http://seclists.org/fulldisclosure/2019/Jun/18 | Mailing List | |
http://seclists.org/fulldisclosure/2019/Sep/7 | Mailing List | |
http://www.securityfocus.com/bid/99071 | Vdb Entry | |
https://seclists.org/bugtraq/2019/Jun/14 | Mailing List | |
https://seclists.org/bugtraq/2019/Sep/7 | Mailing List | |
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Ba=commit%3Bh=c44496df2f090a56d3bf75df930592dac6bba46f | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://sourceware.org/bugzilla/show_bug.cgi?id=16695 | 2023-11-07 |
URL | Date | SRC |
---|