Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-7249

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2014-7249
Last Modified 19 Dec 2014 12:13:09
Published 19 Dec 2014 06:59:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-7249

Summary

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Vulnerable Systems

Operating System

  • Alliedtelesis Ar440s Firmware 2.9.1-20

  • Alliedtelesis Ar441s Firmware 2.9.1-20

  • Alliedtelesis Ar442s Firmware 2.9.1-20

  • Alliedtelesis Ar745 Firmware 2.9.1-20

  • Alliedtelesis Ar750s Firmware 2.9.1-20

  • Alliedtelesis Ar750s-dp Firmware 2.9.1-20

  • Alliedtelesis At-8624poe Firmware 2.9.1-20

  • Alliedtelesis At-8624t%2f2m Firmware 2.9.1-20

  • Alliedtelesis At-8648t%2f2sp Firmware 2.9.1-20

  • Alliedtelesis At-8748xl Firmware 2.9.1-20

  • Alliedtelesis At-8848 Firmware 2.9.1-20

  • Alliedtelesis At-9816gb Firmware 2.9.1-20

  • Alliedtelesis At-9924t Firmware 2.9.1-20

  • Alliedtelesis At-9924ts Firmware 2.9.1-20

  • Alliedtelesis Centrecom 8700sl Firmware 2.9.1-20

  • Alliedtelesis Centrecom 8948xl Firmware 2.9.1-20

  • Alliedtelesis Centrecom 9924sp Firmware 2.9.1-20

  • Alliedtelesis Centrecom 9924t%2f4sp Firmware 2.9.1-20

  • Alliedtelesis Centrecom Ar415s Firmware 2.9.1-20

  • Alliedtelesis Centrecom Ar450s Firmware 2.9.1-20

  • Alliedtelesis Centrecom Ar550s Firmware 2.9.1-20

  • Alliedtelesis Centrecom Ar570s Firmware 2.9.1-20

  • Alliedtelesis Rapier 48i Firmware 2.9.1-20

  • Alliedtelesis Switchblade4000 Firmware 2.9.1-20


References

CONFIRM - http://www.allied-telesis.co.jp/support/list/faq/vuls/20141111aen.html

JVNDB - JVNDB-2014-000132

JVN - JVN#22440986


Last Updated: 27 May 2016 11:07:20