Executive Summary



This alert is flagged as belonging to the CWE/SANS Top 25 Common Weakness Enumeration list.
Summary
Title: Multiple Vulnerabilities in Cisco Small Business RV Series Routers
Information
Name: cisco-sa-20141105-rv
First vendor publication: 2014-11-05
Vendor: Cisco
Last vendor modification: 2014-11-05
Severity (Vendor): N/A
Revision: 1.0

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score: 9
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 8
Authentication: Requires single instance

Detail

The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities:

* Cisco RV Series Routers Command Injection Vulnerability
* Cisco RV Series Routers HTTP Referer Header Vulnerability
* Cisco RV Series Routers Insecure File Upload Vulnerability

These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv


Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
33 % CWE-94 Failure to Control Generation of Code ('Code Injection')
33 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Type Description Count
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Os 1
Os 1
Os 3

Snort® IPS/IDS

Date Description
2014-11-16 Cisco RV180W Router cross-site request forgery attempt
RuleID : 32398 - Revision : 1 - Type : SERVER-OTHER
2014-06-21 Cisco RV180 VPN remote code execution attempt
RuleID : 30933 - Revision : 5 - Type : SERVER-OTHER
2014-06-21 Cisco RV180W remote file inclusion attempt
RuleID : 30931 - Revision : 5 - Type : SERVER-OTHER

Alert History

Date Information
2014-11-07 17:26:48
  • Multiple Updates
2014-11-05 21:23:50
  • First insertion