Details of VAR-201407-0371

ID

VAR-201407-0371

CVE

CVE-2014-3307

TITLE

Cisco Small Cell Run on product Universal Small Cell Firmware DHCP Arbitrary command execution vulnerability in client implementation

Trust: 0.8

sources: JVNDB: JVNDB-2014-003113

DESCRIPTION

The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513. Vendors have confirmed this vulnerability Bug ID CSCup47513 It is released as. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlSkillfully crafted by a third party DHCP Arbitrary commands may be executed via messages. An attacker can exploit this issue to execute arbitrary commands and completely compromise the affected device

Trust: 2.52

sources: NVD: CVE-2014-3307 // JVNDB: JVNDB-2014-003113 // CNVD: CNVD-2014-04076 // BID: 68307 // VULHUB: VHN-71247

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04076

AFFECTED PRODUCTS

vendor:	cisco	model:	universal small cell series	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	universal small cell series	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small cell engine	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-04076 // JVNDB: JVNDB-2014-003113 // CNNVD: CNNVD-201407-068 // NVD: CVE-2014-3307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3307
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3307
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-04076
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201407-068
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71247
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3307
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04076
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71247
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04076 // VULHUB: VHN-71247 // JVNDB: JVNDB-2014-003113 // CNNVD: CNNVD-201407-068 // NVD: CVE-2014-3307

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-003113 // NVD: CVE-2014-3307

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201407-068

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201407-068

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003113

PATCH

title:	Cisco Small Cell Command Execution Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3307	Trust: 0.8
title:	Patch for Cisco Small Cell Engine arbitrary command execution vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/47099	Trust: 0.6

sources: CNVD: CNVD-2014-04076 // JVNDB: JVNDB-2014-003113

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3307	Trust: 3.4
db:	BID	id:	68307	Trust: 2.0
db:	SECTRACK	id:	1030509	Trust: 1.1
db:	SECUNIA	id:	59024	Trust: 1.1
db:	JVNDB	id:	JVNDB-2014-003113	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-068	Trust: 0.7
db:	CNVD	id:	CNVD-2014-04076	Trust: 0.6
db:	VULHUB	id:	VHN-71247	Trust: 0.1

sources: CNVD: CNVD-2014-04076 // VULHUB: VHN-71247 // BID: 68307 // JVNDB: JVNDB-2014-003113 // CNNVD: CNNVD-201407-068 // NVD: CVE-2014-3307

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3307	Trust: 2.3
url:	http://www.securityfocus.com/bid/68307	Trust: 1.1
url:	http://www.securitytracker.com/id/1030509	Trust: 1.1
url:	http://secunia.com/advisories/59024	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3307	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3307	Trust: 0.8

sources: CNVD: CNVD-2014-04076 // VULHUB: VHN-71247 // JVNDB: JVNDB-2014-003113 // CNNVD: CNNVD-201407-068 // NVD: CVE-2014-3307

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 68307

SOURCES

db:	CNVD	id:	CNVD-2014-04076
db:	VULHUB	id:	VHN-71247
db:	BID	id:	68307
db:	JVNDB	id:	JVNDB-2014-003113
db:	CNNVD	id:	CNNVD-201407-068
db:	NVD	id:	CVE-2014-3307

LAST UPDATE DATE

2025-04-13T23:29:42.575000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04076	date:	2014-07-04T00:00:00
db:	VULHUB	id:	VHN-71247	date:	2015-12-03T00:00:00
db:	BID	id:	68307	date:	2014-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2014-003113	date:	2014-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201407-068	date:	2014-07-04T00:00:00
db:	NVD	id:	CVE-2014-3307	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04076	date:	2014-07-04T00:00:00
db:	VULHUB	id:	VHN-71247	date:	2014-07-02T00:00:00
db:	BID	id:	68307	date:	2014-07-01T00:00:00
db:	JVNDB	id:	JVNDB-2014-003113	date:	2014-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201407-068	date:	2014-07-04T00:00:00
db:	NVD	id:	CVE-2014-3307	date:	2014-07-02T10:35:25.643