Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2046

Overview

Vulnerability Score 9.7 9.7
CVE Id CVE-2014-2046
Last Modified 14 May 2014 02:55:42
Published 13 May 2014 08:55:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-2046

Summary

cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.

Vulnerable Systems

Application

  • Broadcom Pipa C211 Web Interface 1.1


References

MISC - https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/

FULLDISC - 20140513 CVE-2014-2046 - Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211


Last Updated: 27 May 2016 11:05:16