CVE-2014-2378 — MEDIUM (6.5)

Q: How severe is CVE-2014-2378?

CVE-2014-2378 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2378?

Check the references section above for vendor advisories and patch information. Affected products include: Sensysnetworks Trafficdot, Sensysnetworks Vsn240-F, Sensysnetworks Vsn240-T, Sensysnetworks Vds.

Vulnerability Description

Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code via a Trojan horse update.

CVSS Score

6.5

MEDIUM

AV:A/AC:H/Au:N/C:C/I:C/A:P

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Sensysnetworks	Trafficdot	<= 2.10.2
Sensysnetworks	Vsn240-F	-
Sensysnetworks	Vsn240-T	-
Sensysnetworks	Vds	<= 2.10.0

Related Weaknesses (CWE)

CWE-94 CWE-494

References

FAQ

What is CVE-2014-2378?

CVE-2014-2378 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not verify the integrity of downloaded updates, which allows remote attackers to execute arbitrary code ...

How severe is CVE-2014-2378?

CVE-2014-2378 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2378?

Check the references section above for vendor advisories and patch information. Affected products include: Sensysnetworks Trafficdot, Sensysnetworks Vsn240-F, Sensysnetworks Vsn240-T, Sensysnetworks Vds.