CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
52.7%
According to its self-reported version, this Cisco Small Business RV Series router is affected by multiple vulnerabilities:
A vulnerability in the Online Help web service of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the service.The vulnerability exists because the Online Help web service of an affected device insufficiently validates user-supplied input. An attacker could exploit this vulnerability by persuading a user of the service to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected service or access sensitive browser-based information.
(CVE-2019-1827)
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials.The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in- the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. (CVE-2019-1828)
Please see the included Cisco BIDs and Cisco Security Advisory for more information
#TRUSTED 28c36b44110f97e10bc645dfda2effe8e7d514e49d613dff8cd7e4ea2468dce67d301c7867051ccea9b295ebf29d95dad84d8c8e369f4d55a2a085bb50974e517907b0f6a9d83566bcf1ac7ad45a39766fc488e261cf25400c318ce6d915e2b624a073cc9da9c481ed44820decafa0172f24cc7383d82ba56b3e939f0f2fb2b75eb8daa29da6396ab7331977c6ebcc865a3d3a26dd86486ccce639aa290359285d33a6ad98c61f73c6bf41aa8f2e55a2467785ce8752c6822bdb01854d552f4055a549e309e452c9cd9de03b1f9aeebcc67e3ea3bdaadf30e2d6651739794533a778973ec52aa627b514ae81972d3ebcf6e9766aee208075b080d5edb95829c6d84872f352e85b598e74d0b6ed9045fe115a64817d8f95aadf0ab3da040423982de0a04db3bb7df58c3871dc204ee35ed003bc27e73a7ca17a1a814a188d0f085a251179200e8a393a3e4728b56c280ae7b1dec037a60279a0aa410413d28ca3e3bfa3ba0930b669e7f2e9c9d8f8c3f546a6789ad1e214bedbd5fbbac7382e929b29b7a8b637295aba9d2c86b6779e2ad82eca6af2b24d137e6a00ed6f469d9047b798f7af91923e4182a8afe5565d92a86fe9053e5679bd355d7421fa97128af1567820979eb911c50e1aac75484729575ad6e3c5be361ab43a258fc3fbb9aa9c40e1771c80f0d083ff02342d9a890e00d4db5b421c7eb8c42f0130e1d1de37
#TRUST-RSA-SHA256 511b58a2e14049abeca576dae2d04e7978db79d518212e349df8fa05e475de192d30cfa5e6ee71fd6db12cdfc63891e417957dbbb877e4f805975e03a40babce706ee6aeb0003827ff341a1699adf9cc1c511f9062b6c04b6da4aff92a116dea9765e958fe9e55d2674ffa7b5c757ed1fca959dd110725b39da56fb72b49c48a82287d08ad4bbb9fb39745a8fe1b21ac78a00d1f86449360fe5ce46e20e8eda26d454b6e4874003a27941e577bb27a6b1d29d912c38058360408e4ed308e512173679bf77b399db533c3397717bf00186689445bc117f8b855a34dbe09350f26173ee32b6ce0af1f5ca5d59061c5a7c1be2f9347f4a09c1265a92d941d49cbca681d86ffa7d1dbb7d4506d74563569360a17b5b4d693f0b7ae8ed4401cb142ac7777c224b6005238dd64e3978a0bdc6261c3582bac2c908b676e6cf7bf47712ee12d104b5000c75baad37d786cbcf7eb16ab78e8adfd0a18db85ff692d84356203770122eaeb96f61dd21a91c6407d9f5730c7469d802aa229c6923949af80707b52c67a240e748a73d738db86b4fd68e391d627c4b60bc66107ab6ab60601b429cc7874c5d21cfa44dfab517ce3063779458db03185e5b55ce831f57b82c54a8ff5f10ff6e231d88e160903ee0a289b71204df377e1866c703db3bf9de7420b9577d146e51b9c4d8639aa0639bcc79e6c17388663662a2602a6e032619d946a
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(124061);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2019-1827", "CVE-2019-1828");
script_xref(name:"CISCO-BUG-ID", value:"CSCvp09589");
script_xref(name:"CISCO-BUG-ID", value:"CSCvp09573");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190404-rv-xss");
script_xref(name:"CISCO-SA", value:"cisco-sa-20190404-rv-weak-encrypt");
script_xref(name:"CEA-ID", value:"CEA-2019-0212");
script_name(english:"Cisco Small Business RV320 and RV325 Routers Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
script_set_attribute(attribute:"description", value:
"According to its self-reported version, this Cisco Small Business RV
Series router is affected by multiple vulnerabilities:
- A vulnerability in the Online Help web service of Cisco
Small Business RV320 and RV325 Dual Gigabit WAN VPN
Routers could allow an unauthenticated, remote attacker
to conduct a reflected cross-site scripting (XSS) attack
against a user of the service.The vulnerability exists
because the Online Help web service of an affected
device insufficiently validates user-supplied input. An
attacker could exploit this vulnerability by persuading
a user of the service to click a malicious link. A
successful exploit could allow the attacker to execute
arbitrary script code in the context of the affected
service or access sensitive browser-based information.
(CVE-2019-1827)
- A vulnerability in the web-based management interface of
Cisco Small Business RV320 and RV325 Dual Gigabit WAN
VPN Routers could allow an unauthenticated, remote
attacker to access administrative credentials.The
vulnerability exists because affected devices use weak
encryption algorithms for user credentials. An attacker
could exploit this vulnerability by conducting a man-in-
the-middle attack and decrypting intercepted
credentials. A successful exploit could allow the
attacker to gain access to an affected device with
administrator privileges. (CVE-2019-1828)
Please see the included Cisco BIDs and Cisco Security Advisory for
more information");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-xss
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7ea0bf3d");
# https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-weak-encrypt
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75b1813b");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp09589");
script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp09573");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvp09589 & CSCvp09573");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1828");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(79, 327);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/15");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:cisco:small_business_rv_series_router_firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CISCO");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("cisco_small_business_detect.nasl", "cisco_rv_webui_detect.nbin");
script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Model");
exit(0);
}
include('cisco_workarounds.inc');
include('ccf.inc');
product_info = cisco::get_product_info(name:'Cisco Small Business Series Router Firmware');
vuln_list = [
{'min_ver' : '0', 'fix_ver' : '1.4.2.22'}
];
reporting = make_array(
'port' , 0,
'severity' , SECURITY_WARNING,
'fix' , '1.4.2.22',
'version' , product_info['version'],
'bug_id' , 'CSCvp09589 & CSCvp09573',
'disable_caveat', TRUE,
'xss' , TRUE
);
cisco::check_and_report(
product_info:product_info,
reporting:reporting,
vuln_ranges:vuln_list,
models:make_list('RV320', 'RV325')
);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
52.7%