
SANS ISC: VEX Vulnerability Details - SANS Internet Storm Center


VEXID-201165
Published 2017-01-20 15:59:00
Last Modified 2017-01-20 19:27:47
AKA CVE-2014-2045
Summary Multiple cross-site scripting (XSS) vulnerabilities in the 'old' and 'new' interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
CVSS Score 4.3
CVSS Source http://nvd.nist.gov
CVSS
Access Vector Local Adjacent Network
Access Complexity Low Medium High
Authentication None Single Multiple
Confidentiality None Partial Complete
Integrity None Partial Complete
Availability None Partial Complete
References
Type Content
Vendor Advisory http://packetstormsecurity.com/files/135613/Viprinet-Multichannel-VPN-Router-300-Cross-Site-Scripting.html
Vendor Advisory 20160203 Security Advisories
Vendor Advisory 39407
Vendor Advisory https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2045/