CVE-2014-7249

Severity: Unknown | EPSS: 6.13%


CVE-2014-7249 is a vulnerability of currently unknown severity. Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request. EPSS estimates a 6.13% chance of exploitation in the next 30 days.

Description

Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.

Metrics

EPSS Probability: 6.13% (92.5th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Alliedtelesis | Centrecom Ar415s Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom Ar415s | All versions
Alliedtelesis | At-8624t/2m Firmware | <= 2.9.1-20
Alliedtelesis | At-8624t/2m | All versions
Alliedtelesis | Ar442s Firmware | <= 2.9.1-20
Alliedtelesis | Ar442s | All versions
Alliedtelesis | At-9924t Firmware | <= 2.9.1-20
Alliedtelesis | At-9924t | All versions
Alliedtelesis | At-8848 Firmware | <= 2.9.1-20
Alliedtelesis | At-8848 | All versions
Alliedtelesis | Rapier 48i Firmware | <= 2.9.1-20
Alliedtelesis | Rapier 48i | All versions
Alliedtelesis | Centrecom Ar450s Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom Ar450s | All versions
Alliedtelesis | Ar745 Firmware | <= 2.9.1-20
Alliedtelesis | Ar745 | All versions
Alliedtelesis | Ar441s Firmware | <= 2.9.1-20
Alliedtelesis | Ar441s | All versions
Alliedtelesis | Centrecom 9924sp Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom 9924sp | All versions
Alliedtelesis | Switchblade4000 Firmware | <= 2.9.1-20
Alliedtelesis | Switchblade4000 | All versions
Alliedtelesis | At-8624poe Firmware | <= 2.9.1-20
Alliedtelesis | At-8624poe | All versions
Alliedtelesis | Centrecom 9924t/4sp Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom 9924t/4sp | All versions
Alliedtelesis | At-9816gb Firmware | <= 2.9.1-20
Alliedtelesis | At-9816gb | All versions
Alliedtelesis | At-9924ts Firmware | <= 2.9.1-20
Alliedtelesis | At-9924ts | All versions
Alliedtelesis | Ar750s Firmware | <= 2.9.1-20
Alliedtelesis | Ar750s | All versions
Alliedtelesis | Centrecom Ar570s Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom Ar570s | All versions
Alliedtelesis | Centrecom 8948xl Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom 8948xl | All versions
Alliedtelesis | At-8648t/2sp Firmware | <= 2.9.1-20
Alliedtelesis | At-8648t/2sp | All versions
Alliedtelesis | Centrecom 8700sl Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom Ar8700sl | All versions
Alliedtelesis | Ar750s-Dp Firmware | <= 2.9.1-20
Alliedtelesis | Ar750s-Dp | All versions
Alliedtelesis | Centrecom Ar550s Firmware | <= 2.9.1-20
Alliedtelesis | Centrecom Ar550s | All versions
Alliedtelesis | At-8748xl Firmware | <= 2.9.1-20
Alliedtelesis | At-8748xl | All versions
Alliedtelesis | Ar440s Firmware | <= 2.9.1-20
Alliedtelesis | Ar440s | All versions

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2014-7249?
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 9924SP, CentreCOM 9924T/4SP, Rapier 48i, and SwitchBlade4000 with firmware before 2.9.1-21 allows remote attackers to execute arbitrary code via a crafted HTTP POST request.
How severe is CVE-2014-7249?
Severity scoring for CVE-2014-7249 is pending analysis. The EPSS model estimates a 6.13% probability of exploitation in the next 30 days.
How do I fix CVE-2014-7249?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST