Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.CISCO-SA-RV340-CMDINJ-RCEDOS-PY8J3QFY.NASL
HistoryAug 04, 2021 - 12:00 a.m.

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Multiple Vulnerabilities (cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy)

2021-08-0400:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
67
cisco small business
rv340
rv340w
rv345
rv345p
dual wan
gigabit
vpn
routers
vulnerabilities
web-based management interface
arbitrary code execution
denial of service
cve-2021-1609
cve-2021-1610
remote attacker
root privileges
cisco bids
cisco security advisory
nessus scanner

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.4%

JSON

According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple vulnerabilities:

  • A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. (CVE-2021-1609)

  • A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges on an affected device. (CVE-2021-1610)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#TRUSTED 9859b74b70ec73ebec0428e2ef97b177c8c55619807b9ea56b7cfeb0172245558c97a1b60ffc1ff9c2b5c4681665949a39d0aa20968ce963932a71d0051fefbcae6cfb3655a2d91edba7c6afae95bf74b56d126a05ffd901ca41b663ac948852017f60220e63b2a70c31e3d8c7a37e5800d5dc483c4b7bdd998dd200ee6406f7fa97f06d88c0cacb33dc45042aa39fc5f58241ec4a52ec121df20f68f133588e2860407377dff54a25ed5291a3325626c05b2745b65c62c773aab0992276c73835bc255716cda19ca9fdf0587569014d776e5a4c8dcf1312765a19914b94db6e79dbe2b288a5b10dffb859a48cc010a8dac129a944205928dd4834ce45c742701d337fcee2ed91c8eef2145680c85f357bde273603337506e6ad7b5876f4efce6fd05e4bb6aca5639582efda5063cfa2c5bb10e24f5c85d490ea6b1b34145295785c3c2edfaef8f767abed7318d0e36a4991dcbcae1097ad9ed7aa64e1a2b304d52f0faeed267deb7bb3ad95a5a1e7c0644fcdd76c60ea7708f2ea2955b77e6462ff6164eb461fe2e603300f1239a57650924ff1df2093f8a32e1912c072b40cbbbbc26cf59187392b82bf49125928b164edb6825842cd6069ec9580e621969f4d2fb052fdd3406c1058824140311804dcde4ed76a375afb78ac2675ff20b734b168e85acdc2b6981a2c70982012fb00b3591fe2c53925e07a6e584ad6bb911a
#TRUST-RSA-SHA256 662a54be34a7450028d0a7725c47682bf216dcfebe02b1af47dea07cf454a1f454b241a6a59b040b12b713bc4b03b48ca5ba081f4a78b94cd8ed0f9e644d8c6d6a092e89adeca9a80f8faa8112473e2e0245ca5bcfc1346847c491237487dc79033cfb938d165f2b719831ca2fe84d164274ddb9ae1959a155d19403d0663bf854e963ca9a36a86f2394d26e98ea4278079c1287b9f15780e50243bf5372d9cc36d180a4750808504a2342ec5ee71c761ee08501e61945fe9749eda37750e6c572dd9871970adeab876e946d117fe4d893ca14c9cca299662128da99d4ad79c1cd757dc175b878394b529fc3ca2b9af7c10e4bb382637175c4b71204e6f3ee1bfb642e92a99435dd936d5542d0df3ab989b2c32fb0e68b4623c45e9071f11d6ad059d0642ba80bc5953e7cc71a889c2d323eddc312f91c537f9d372356ff1a663e315cb685598f4de4d45a0a40bb2ba7df14a0b54ef82eb9cd3cc232c46a83de747371410b1c0e05e8ccbf90fc95b191f5a889d8195b3f9b94de3cae235e07b86003a3dce35186e26861fda529abd34ad13b2f8b4cd5f098bb124583a5b56b4aea1c0f8af91f5fd3adf7c7a99816af7545c49f8e17858f92c2a6c842e7f8c819e1c68d2f04c582c22a3e47a4c71240a3539f90b4a7a52e2575e7256559c95fa0b5569aff4f4127dda7ef36d99afd85a8831c38cfeb826bdbfb09fe8bd61e6ee9
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152212);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2021-1609", "CVE-2021-1610");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvy15286");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvy15342");
  script_xref(name:"CISCO-SA", value:"cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy");
  script_xref(name:"IAVA", value:"2021-A-0360");
  script_xref(name:"CEA-ID", value:"CEA-2021-0038");

  script_name(english:"Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Multiple Vulnerabilities (cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch (cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy)");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by multiple
vulnerabilities:

  - A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual
    WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected
    device or cause the device to reload, resulting in a denial of service (DoS) condition. (CVE-2021-1609)

  - A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual
    WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands with root
    privileges on an affected device. (CVE-2021-1610)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version 
number.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b5b4035e");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy15286");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvy15342");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvy15286, CSCvy15342");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-1609");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(121, 149);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:cisco:small_business_rv_series_router_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:rv340_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:rv340w_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:rv345_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:rv345p_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv340");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv340w");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv345");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:rv345p");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_small_business_detect.nasl", "cisco_rv_webui_detect.nbin");
  script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Model");

  exit(0);
}

include('ccf.inc');

var product_info = cisco::get_product_info(name:'Cisco Small Business Series Router Firmware');

if (product_info['model'] !~ "^RV34(0W?|5P?)")
  audit(AUDIT_HOST_NOT, 'an affected Cisco Small Business RV Series router');

var vuln_ranges = [{ 'min_ver' : '0', 'fix_ver' : '1.0.03.22' }];

reporting = make_array(
  'port'     , product_info['port'],
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvy15286, CSCvy15342',
  'disable_caveat', TRUE
);

cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_ranges
);

Related

cisco 1
avleonov 1
thn 1
prion 2
cvelist 2
cve 2
cnvd 2
nvd 2
threatpost 2
cisco
cisco
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
2021-08-04 16:00:00
avleonov
avleonov
Last Week’s Security News: Black Hat Pwnie Awards, iPhone Checks Photos, Evil Windows Print Server, Cisco VPN Routers Takeovers
2021-08-11 22:18:24
thn
thn
Cisco Issues Critical Security Patches to Fix Small Business VPN Router Bugs
2021-08-05 06:02:00
prion
prion
Design/Logic Flaw
2021-08-04 18:15:00
Design/Logic Flaw
2021-08-04 18:15:00
cvelist
cvelist
CVE-2021-1609 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
2021-08-04 17:20:31
CVE-2021-1610 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Web Management Vulnerabilities
2021-08-04 17:20:37
cve
cve
CVE-2021-1609
2021-08-04 18:15:08
CVE-2021-1610
2021-08-04 18:15:09
cnvd
cnvd
Cisco Small Business RV340 and Cisco Small Business Command Injection Vulnerability
2021-08-06 00:00:00
Multiple vulnerabilities exist in Cisco Small Business RV340 and Cisco Small Business
2021-08-06 00:00:00
nvd
nvd
CVE-2021-1610
2021-08-04 18:15:09
CVE-2021-1609
2021-08-04 18:15:08
threatpost
threatpost
Critical Cisco Bug in VPN Routers Allows Remote Takeover
2021-08-06 16:07:55
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
2021-10-13 11:22:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

56.4%

JSON
Related for CISCO-SA-RV340-CMDINJ-RCEDOS-PY8J3QFY.NASL
cisco1avleonov1thn1prion2cvelist2cve2cnvd2nvd2threatpost2