{"vuid":"VU#213046","idnumber":"213046","name":"Virtual Access GW6110A router privilege escalation vulnerability","keywords":["Virtual Access","GW6110A","router","privilege escalation","cew-472","cpe"],"overview":"Virtual Access GW6110A routers contain a privilege escalation vulnerability which could allow an authenticated user to escalate their privileges.","clean_desc":"CWE-472: External Control of Assumed-Immutable Web Parameter\nVirtual Access GW6110A routers contain a privilege escalation vulnerability which could allow an authenticated user to escalate their privileges by modifying a javascript variable that checks for user access level on the web interface.","impact":"An authenticated user could escalate their privileges on the router, allowing them access to administration features.","resolution":"Update The vendor has released an update to address this vulnerability. Affected users are advised to upgrade to one of the following versions. Users of software branch 9.00 are advised to update to version 9.09.27 or later. Users of software branch 9.50 are advised to update to version 9.50.21 or later. Users of software branch 10.00 are advised to update to version 10.00.21 or later.","workarounds":"Restrict access As a general good security practice, only allow connections from trusted hosts and networks.","sysaffected":"","thanks":"Thanks to James Premo for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["h","t","t","p",":","/","/","w","w","w",".","v","i","r","t","u","a","l","a","c","c","e","s","s",".","c","o","m","/","G","W","6","0","0","0","-","a","d","s","l","2","-","r","o","u","t","e","r",".","p","h","p"],"cveids":["CVE-2014-0343"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-12-05T14:17:50Z","publicdate":"2014-03-25T00:00:00Z","datefirstpublished":"2014-03-25T13:48:38Z","dateupdated":"2014-03-25T13:48:39Z","revision":13,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"1","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"2.3","cvss_basevector":"AV:A/AC:M/Au:S/C:P/I:N/A:N","cvss_temporalscore":"1.8","cvss_environmentalscore":"0.6514047308572","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}