Lucene search

CiscoCVE-2021-1414

HistoryApr 08, 2021 - 4:15 a.m.

CVE-2021-1414

2021-04-0804:15:13

CWE-502

cisco

web.nvd.nist.gov

cisco

rv340

rv340w

rv345

rv345p

vpn

routers

vulnerabilities

security

nvd

cve-2021-1414

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.

Affected configurations

Nvd

Node

ciscorv340_firmwareRange<1.0.03.21

AND

ciscorv340Match-

Node

ciscorv340w_firmwareRange<1.0.03.21

AND

ciscorv340wMatch-

Node

ciscorv345_firmwareRange<1.0.03.21

AND

ciscorv345Match-

Node

ciscorv345p_firmwareRange<1.0.03.21

AND

ciscorv345pMatch-

VendorProductVersionCPE
ciscorv340_firmware*cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*
ciscorv340-cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*
ciscorv340w_firmware*cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*
ciscorv340w-cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*
ciscorv345_firmware*cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*
ciscorv345-cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*
ciscorv345p_firmware*cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*
ciscorv345p-cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	rv340_firmware	*	cpe:2.3:o:cisco:rv340_firmware::::::::
cisco	rv340	-	cpe:2.3:h:cisco:rv340:-:::::::*
cisco	rv340w_firmware	*	cpe:2.3:o:cisco:rv340w_firmware::::::::
cisco	rv340w	-	cpe:2.3:h:cisco:rv340w:-:::::::*
cisco	rv345_firmware	*	cpe:2.3:o:cisco:rv345_firmware::::::::
cisco	rv345	-	cpe:2.3:h:cisco:rv345:-:::::::*
cisco	rv345p_firmware	*	cpe:2.3:o:cisco:rv345p_firmware::::::::
cisco	rv345p	-	cpe:2.3:h:cisco:rv345p:-:::::::*

CNA Affected

[
  {
    "product": "Cisco Small Business RV Series Router Firmware",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b

www.zerodayinitiative.com/advisories/ZDI-21-559/

Social References

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

57.3%

JSON

Related for CVE-2021-1414