Executive Summary
Summary | |
---|---|
Title | Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160803-rv180_2 | First vendor Publication | 2016-08-03 |
Vendor | Cisco | Last vendor Modification | 2016-08-03 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2 BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBV5jimq89gD3EAJB5AQJvBg//ctRV2Z10XPE5WaLLYjptaqzxiMxwI9Da j9Sfi67bG7R+1EIWxWKj5zc8LYogBOz9aw2AyjWsr79bGkHgO0rs0l/6Lo9T+ArA TNs4QheScjztFCnWRb+Df/xdzTeAB30A5iS5kyrTTJtDA6E8CmuQhXtJXEPzC8cT p8wyDV4sE8XgHzhrm00DUe8OKQc1zrIpcU5y93AcINwdEf2CXFOllVw1KeDzKQJY 2jM5m1YlTM5Ei8wS4Li/0SmPlaANAZG7i3ElItRHGEO9YGsbt+ZerQsPAd8d+R6c +HV3IF9tZ5Le0KFhdTw68ST8GAOxcdpL2DA3qtErcpMwhZca6bPU8okZZfhqAD63 mZDnaVWhGKHa+iyGK40cL+OgHmvxQLljvyS1hgj3ESPNYl+dh5ljFVw6KY5rZpRI Zmi5Av79NNHQK3WalhBfwxsvTlxy0EwbPjetaSws/v3MxH1Xtq1MXhnH35juT4vz 83RvRMTm/71/AKgZ6LZIxcQMoVi9fjcqi7+dpgUBMomziBB+2aqaAH+8B943Knuw S1Nzhg8Cv184MkkL+RLhSCfzFxfK4usO6v2hz/otJyDB238CZVtKeN+Ym9D5NvwU dHwzjLQCsFqLbJN1ps5/JcSC8vtE2bLmevJepk+T/tHp0+k0tTmNm9FS3WE1YaIY VZ+y3ge4778= =Ywyj END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-08-04 | Cisco RV180 VPN Router platform.cgi command injection attempt RuleID : 39792 - Revision : 1 - Type : SERVER-WEBAPP |
2016-08-04 | Cisco RV180 VPN Router platform.cgi command injection attempt RuleID : 39791 - Revision : 1 - Type : SERVER-WEBAPP |
2016-08-04 | Cisco RV180 VPN Router platform.cgi command injection attempt RuleID : 39790 - Revision : 1 - Type : SERVER-WEBAPP |
Alert History
Date | Informations |
---|---|
2016-08-11 21:24:54 |
|
2016-08-03 21:23:50 |
|