Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2019-15990
HistoryNov 26, 2019 - 4:15 a.m.

CVE-2019-15990

2019-11-2604:15:12
CWE-285
cisco
web.nvd.nist.gov
72
cve-2019-15990
cisco
small business
rv series routers
vulnerability
web-based management
unauthenticated
remote attacker
information disclosure
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

38.6%

JSON

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.

Affected configurations

Nvd
Node
ciscorv016_multi-wan_vpnMatch-
AND
ciscorv016_multi-wan_vpn_firmwareRange<4.2.3.10
Node
ciscorv042_dual_wan_vpnMatch-
AND
ciscorv042_dual_wan_vpn_firmwareRange<4.2.3.10
Node
ciscorv042g_dual_gigabit_wan_vpnMatch-
AND
ciscorv042g_dual_gigabit_wan_vpn_firmwareRange<4.2.3.10
Node
ciscorv082_dual_wan_vpnMatch-
AND
ciscorv082_dual_wan_vpn_firmwareRange<4.2.3.10
VendorProductVersionCPE
ciscorv016_multi-wan_vpn-cpe:2.3:h:cisco:rv016_multi-wan_vpn:-:*:*:*:*:*:*:*
ciscorv016_multi-wan_vpn_firmware*cpe:2.3:o:cisco:rv016_multi-wan_vpn_firmware:*:*:*:*:*:*:*:*
ciscorv042_dual_wan_vpn-cpe:2.3:h:cisco:rv042_dual_wan_vpn:-:*:*:*:*:*:*:*
ciscorv042_dual_wan_vpn_firmware*cpe:2.3:o:cisco:rv042_dual_wan_vpn_firmware:*:*:*:*:*:*:*:*
ciscorv042g_dual_gigabit_wan_vpn-cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn:-:*:*:*:*:*:*:*
ciscorv042g_dual_gigabit_wan_vpn_firmware*cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_firmware:*:*:*:*:*:*:*:*
ciscorv082_dual_wan_vpn-cpe:2.3:h:cisco:rv082_dual_wan_vpn:-:*:*:*:*:*:*:*
ciscorv082_dual_wan_vpn_firmware*cpe:2.3:o:cisco:rv082_dual_wan_vpn_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Cisco Small Business RV Series Router Firmware",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "n/a",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

nessus 2
cisco 1
nvd 1
prion 1
cvelist 1
symantec 1
nessus
nessus
Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure (cisco-sa-20191120-sbr-rv-infodis)
2019-12-02 00:00:00
Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability (cisco-sa-20191106-sbr-cominj)
2019-11-22 00:00:00
cisco
cisco
Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
2019-11-20 16:00:00
nvd
nvd
CVE-2019-15990
2019-11-26 04:15:12
prion
prion
Authorization
2019-11-26 04:15:00
cvelist
cvelist
CVE-2019-15990 Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability
2019-11-26 03:42:02
symantec
symantec
Cisco Small Business RV Series Routers CVE-2019-15990 Information Disclosure Vulnerability
2019-11-20 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

38.6%

JSON
Related for CVE-2019-15990
nessus2cisco1nvd1prion1cvelist1symantec1