CVE-2014-3307

The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 3.2 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/59024
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307	Vendor Advisory
http://www.securityfocus.com/bid/68307
http://www.securitytracker.com/id/1030509
http://secunia.com/advisories/59024
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307	Vendor Advisory
http://www.securityfocus.com/bid/68307
http://www.securitytracker.com/id/1030509

Configurations

Configuration 1 (hide)

cpe:2.3:o:cisco:universal_small_cell_series_firmware:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-07-02 10:35

Updated : 2025-04-12 10:46

NVD link : CVE-2014-3307

Mitre link : CVE-2014-3307

CVE.ORG link : CVE-2014-3307

JSON object : View

Products Affected

cisco

universal_small_cell_series_firmware

CWE

NVD-CWE-Other

{"id": "CVE-2014-3307", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.2, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-02T10:35:25.643", "references": [{"url": "http://secunia.com/advisories/59024", "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.securityfocus.com/bid/68307", "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id/1030509", "source": "psirt@cisco.com"}, {"url": "http://secunia.com/advisories/59024", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68307", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030509", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513."}, {"lang": "es", "value": "La implementaci\u00f3n de cliente DHCP en Universal Small Cell firmware en productos Cisco Small Cell permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de mensajes DHCP manipulados, tambi\u00e9n conocido como Bug ID CSCup47513."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:universal_small_cell_series_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "803B9D74-6C58-438B-BFCC-AE8B906E61B1"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\"", "sourceIdentifier": "psirt@cisco.com"}