Lucene search
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-20190227-RMI-CMD-EX.NASLHistoryFeb 27, 2019 - 12:00 a.m.
Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability (cisco-sa-20190227-rmi-cmd-ex)
2019-02-2700:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
61
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.969
Percentile
99.8%
According to its self-reported version, the version of the Cisco Small Business Wireless-N VPN Router installed on the remote host is affected by a remote command execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands as a high-privilege user.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(122483);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/09");
script_cve_id("CVE-2019-1663");
script_xref(name:"CISCO-BUG-ID", value:"CSCvn18638");
script_xref(name:"CISCO-BUG-ID", value:"CSCvn18639");
script_xref(name:"CISCO-BUG-ID", value:"CSCvn18642");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190227-rmi-cmd-ex");
script_xref(name:"IAVA", value:"2019-A-0356");
script_xref(name:"IAVA", value:"0001-A-0007-S");
script_name(english:"Cisco RV110W, RV130W, and RV215W Routers Management Interface Remote Command Execution Vulnerability (cisco-sa-20190227-rmi-cmd-ex)");
script_summary(english:"Checks router version");
script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a remote command execution vulnerability");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, the version of the Cisco
Small Business Wireless-N VPN Router installed on the remote host is
affected by a remote command execution vulnerability. An
unauthenticated, remote attacker can exploit this to bypass
authentication and execute arbitrary commands as a high-privilege
user.");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ffd30987");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco Security
Advisory cisco-sa-20190227-rmi-cmd-ex.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1663");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Cisco RV110W/RV130(W)/RV215W Routers Management Interface Remote Command Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/27");
script_set_attribute(attribute:"patch_publication_date", value:"2019/02/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv110w_wireless-n_vpn_firewall");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv130w_wireless-n_multifunction_vpn_router");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv215w_wireless-n_vpn_router");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_small_business_detect.nasl", "cisco_rv_webui_detect.nbin");
script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Model");
exit(0);
}
include('cisco_func.inc');
device = get_kb_item_or_exit('Cisco/Small_Business_Router/Model');
version = get_kb_item_or_exit('Cisco/Small_Business_Router/Version');
if (device =~ "^RV110W")
{
fix = '1.2.2.1';
bug = 'CSCvn18639';
}
else if (device =~ "^RV130W")
{
fix = '1.0.3.45';
bug = 'CSCvn18638';
}
else if (device =~ "^RV215W")
{
fix = '1.3.1.1';
bug = 'CSCvn18642';
}
else
audit(AUDIT_HOST_NOT, 'an RV110W, RV130W, or RV215W router');
if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0 )
{
report =
'\n Bug : ' + bug +
'\n Installed version : ' + version +
'\n Fixed version : ' + fix;
security_report_v4(port:0, extra:report, severity:SECURITY_HOLE);
}
else
audit(AUDIT_INST_VER_NOT_VULN, 'Cisco ' + device + ' router', version);
Related
exploitdb
exploitdb
Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)
2019-04-15 00:00:00
Cisco RV110W/RV130(W)/RV215W Routers Management Interface - Remote Command Execution (Metasploit)
2019-09-03 00:00:00
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
2019-06-04 00:00:00
threatpost
threatpost
19-Year-Old TLS Vulnerability Weakens Website Crypto
2017-12-13 14:33:32
Cisco Confirms Critical Firewall Software Bug Is Under Attack
2018-02-09 13:06:34
Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers
2019-02-28 14:27:13
zdt
zdt
Cisco RV110W / RV130(W) / RV215W Remote Command Execution Exploit
2019-09-02 00:00:00
Cisco RV130W Routers Management Interface Remote Command Execution Exploit
2019-04-15 00:00:00
Cisco RV130W 1.0.3.44 - Remote Stack Overflow Exploit
2019-06-04 00:00:00
exploitpack
exploitpack
Cisco RV130W 1.0.3.44 - Remote Stack Overflow
2019-06-04 00:00:00
cisco
cisco
metasploit
metasploit
cve
cve
CVE-2019-1663
2019-02-28 18:29:02
prion
prion
Input validation
2019-02-28 18:29:00
cvelist
cvelist
pentestpartners
pentestpartners
Cisco RV130 β Itβs 2019, but yet: strcpy
2019-02-28 08:00:49
nvd
nvd
CVE-2019-1663
2019-02-28 18:29:02
cve0day
cve0day
Cisco Routers CVE-2019-1663 Remote Command Execution
2019-03-07 13:55:18
packetstorm
packetstorm
Cisco RV110W / RV130(W) / RV215W Remote Command Execution
2019-09-02 00:00:00
Cisco RV130W 1.0.3.44 Remote Stack Overflow
2019-06-04 00:00:00
Cisco RV130W Routers Management Interface Remote Command Execution
2019-04-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Cisco Multiple Routers Remote Code Execution (CVE-2019-1663)
2019-03-03 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.969
Percentile
99.8%
Related for CISCO-SA-20190227-RMI-CMD-EX.NASL