Lucene search

CiscoCISCO-SA-20160803-RV180_2

HistoryAug 03, 2016 - 4:00 p.m.

Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability

2016-08-0316:00:00

tools.cisco.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.2%

JSON

A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges.

Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.

This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2”]

Affected configurations

Vulners

Node

ciscorv180w_wireless-n_multifunction_vpn_router_firmwareMatchany

ciscorv180_vpn_router_firmwareMatchany

ciscorv180w_wireless-n_multifunction_vpn_router_firmwareMatchany

ciscorv180_vpn_router_firmwareMatchany

VendorProductVersionCPE
ciscorv180w_wireless-n_multifunction_vpn_router_firmwareanycpe:2.3:o:cisco:rv180w_wireless-n_multifunction_vpn_router_firmware:any:*:*:*:*:*:*:*
ciscorv180_vpn_router_firmwareanycpe:2.3:o:cisco:rv180_vpn_router_firmware:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	rv180w_wireless-n_multifunction_vpn_router_firmware	any	cpe:2.3:o:cisco:rv180w_wireless-n_multifunction_vpn_router_firmware:any:::::::*
cisco	rv180_vpn_router_firmware	any	cpe:2.3:o:cisco:rv180_vpn_router_firmware:any:::::::*

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

61.2%

JSON

Related for CISCO-SA-20160803-RV180_2