Sign-up

ID

VAR-201701-0627


CVE

CVE-2014-9754


TITLE

Viprinet Multichannel VPN Router 300 Hardware VPN Man-in-the-middle vulnerability in a client

Trust: 0.8

sources: JVNDB: JVNDB-2014-008188

DESCRIPTION

The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. ViprinetEuropeMultichannelVPNRouter300 is a multi-channel VPN router product from ViprinetEurope, Germany. A security vulnerability exists in ViprinetEuropeMultichannelVPNRouter300 that caused the program to fail to validate the certificate. An attacker could exploit the vulnerability to perform a man-in-the-middle attack and impersonate a trusted server. Multiple cross-site scripting vulnerabilities 2. An HTML-injection vulnerability 3. Multiple security-bypass vulnerabilities An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and to launch other attacks, perform man-in-the-middle attacks and impersonate trusted servers or bypass certain security restrictions and perform unauthorized actions. In this example, we perform a downgrade attack from protocol version 3 to protocol version 2, however as noted in the impact, version 3 of the protocol is similarly affected. Note: MITRE have assigned CVE-2014-9754 to reference the missing certificate validation and CVE-2014-9755 to reference the protocol downgrade attack. Further details at: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/ Copyright: Copyright (c) Portcullis Computer Security Limited 2015, All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this information. It is not to be edited or altered in any way without the express written consent of Portcullis Computer Security Limited. Disclaimer: The information herein contained may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Portcullis Computer Security Limited) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information

Trust: 2.61

sources: NVD: CVE-2014-9754 // JVNDB: JVNDB-2014-008188 // CNVD: CNVD-2016-01188 // BID: 82583 // VULHUB: VHN-77699 // PACKETSTORM: 135614

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01188

AFFECTED PRODUCTS

vendor:viprinetmodel:multichannel vpn router 300scope:eqversion:2013070830

Trust: 1.6

vendor:viprinetmodel:multichannel vpn router 300scope:eqversion:2013080900

Trust: 1.6

vendor:viprinet europemodel:multichannel vpn router 300scope: - version: -

Trust: 0.8

vendor:viprinet europemodel:multichannel vpn router 300scope:eqversion:2013070830

Trust: 0.8

vendor:viprinet europemodel:multichannel vpn router 300scope:eqversion:2013080900

Trust: 0.8

vendor:viprinetmodel:europe multichannel vpn routerscope:eqversion:300

Trust: 0.6

sources: CNVD: CNVD-2016-01188 // JVNDB: JVNDB-2014-008188 // CNNVD: CNNVD-201602-368 // NVD: CVE-2014-9754

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9754
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-9754
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-01188
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201602-368
value: MEDIUM

Trust: 0.6

VULHUB: VHN-77699
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9754
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01188
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-77699
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-9754
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-01188 // VULHUB: VHN-77699 // JVNDB: JVNDB-2014-008188 // CNNVD: CNNVD-201602-368 // NVD: CVE-2014-9754

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-77699 // JVNDB: JVNDB-2014-008188 // NVD: CVE-2014-9754

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 135614 // CNNVD: CNNVD-201602-368

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201602-368

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-008188

PATCH
title:Multichannel VPN Router 300/310url:https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310
Trust: 0.8
title:ViprinetEuropeMultichannelVPNRouter300 man-in-the-middle attack vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/71679
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-01188 // 
            
            
            
            JVNDB: JVNDB-2014-008188

EXTERNAL IDS
db:NVDid:CVE-2014-9754
Trust: 3.5
db:PACKETSTORMid:135614
Trust: 1.8
db:BIDid:82583
Trust: 1.5
db:JVNDBid:JVNDB-2014-008188
Trust: 0.8
db:CNVDid:CNVD-2016-01188
Trust: 0.6
db:CNNVDid:CNNVD-201602-368
Trust: 0.6
db:VULHUBid:VHN-77699
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01188 // 
            
            
            
            VULHUB: VHN-77699 // 
            
            
            
            BID: 82583 // 
            
            
            
            JVNDB: JVNDB-2014-008188 // 
            
            
            
            PACKETSTORM: 135614 // 
            
            
            
            CNNVD: CNNVD-201602-368 // 
            
            
            
            NVD: CVE-2014-9754

REFERENCES
url:http://seclists.org/fulldisclosure/2016/feb/8
Trust: 2.0
url:http://packetstormsecurity.com/files/135614/viprinet-multichannel-vpn-router-300-identity-verification-fail.html
Trust: 1.7
url:http://www.securityfocus.com/bid/82583
Trust: 1.2
url:http://www.securityfocus.com/archive/1/537441/100/0/threaded
Trust: 1.1
url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-9754-cve-2014-9755/
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9754
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9754
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/537441/100/0/threaded
Trust: 0.6
url:https://www.viprinet.com/en/products/multichannel-vpn-router-modular/multichannel-vpn-router-300-310
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2014-9755
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-9754
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01188 // 
            
            
            
            VULHUB: VHN-77699 // 
            
            
            
            BID: 82583 // 
            
            
            
            JVNDB: JVNDB-2014-008188 // 
            
            
            
            PACKETSTORM: 135614 // 
            
            
            
            CNNVD: CNNVD-201602-368 // 
            
            
            
            NVD: CVE-2014-9754

CREDITS
Tim Brown
Trust: 1.0
sources:
            
            
            BID: 82583 // 
            
            
            
            PACKETSTORM: 135614 // 
            
            
            
            CNNVD: CNNVD-201602-368

SOURCES
db:CNVDid:CNVD-2016-01188
db:VULHUBid:VHN-77699
db:BIDid:82583
db:JVNDBid:JVNDB-2014-008188
db:PACKETSTORMid:135614
db:CNNVDid:CNNVD-201602-368
db:NVDid:CVE-2014-9754

LAST UPDATE DATE
2025-04-20T23:20:07.613000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01188date:2016-02-23T00:00:00
db:VULHUBid:VHN-77699date:2018-10-09T00:00:00
db:BIDid:82583date:2016-07-05T21:22:00
db:JVNDBid:JVNDB-2014-008188date:2017-01-31T00:00:00
db:CNNVDid:CNNVD-201602-368date:2017-02-04T00:00:00
db:NVDid:CVE-2014-9754date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-01188date:2016-02-23T00:00:00
db:VULHUBid:VHN-77699date:2017-01-20T00:00:00
db:BIDid:82583date:2016-02-03T00:00:00
db:JVNDBid:JVNDB-2014-008188date:2017-01-31T00:00:00
db:PACKETSTORMid:135614date:2016-02-05T16:22:22
db:CNNVDid:CNNVD-201602-368date:2016-02-19T00:00:00
db:NVDid:CVE-2014-9754date:2017-01-20T15:59:00.193