Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2021-1415 | First vendor Publication | 2021-04-08 |
Vendor | Cve | Last vendor Modification | 2023-11-07 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L | |||
---|---|---|---|
Overall CVSS Score | 6.3 | ||
Base Score | 6.3 | Environmental Score | 6.3 |
impact SubScore | 3.4 | Temporal Score | 6.3 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | Low |
Integrity Impact | Low | Availability Impact | Low |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1415 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-502 | Deserialization of Untrusted Data |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 5 | |
Os | 5 | |
Os | 5 | |
Os | 5 |
Sources (Detail)
Source | Url |
---|---|
CISCO | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s... |
MISC | https://www.zerodayinitiative.com/advisories/ZDI-21-560/ |
Alert History
Date | Informations |
---|---|
2023-11-07 21:35:16 |
|
2021-06-04 17:22:58 |
|
2021-05-11 13:22:56 |
|
2021-04-15 05:22:53 |
|
2021-04-14 21:23:16 |
|
2021-04-08 17:23:12 |
|
2021-04-08 09:22:51 |
|