Sign-up

ID

VAR-201608-0234


CVE

CVE-2016-1429


TITLE

Cisco RV180 and RV180W Device Web Directory traversal vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2016-004339

DESCRIPTION

Directory traversal vulnerability in the web interface on Cisco RV180 and RV180W devices allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuz43023. The Cisco RV180 and RV180W are wireless multifunction VPN routers. Attackers can exploit this issue to gain unauthorized access to the affected device. This may aid in further attacks. The issue is being tracked by Cisco Bug ID CSCuz43023. Both Cisco RV180 and RV180W are router products of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2016-1429 // JVNDB: JVNDB-2016-004339 // CNVD: CNVD-2016-06190 // BID: 92270 // VULHUB: VHN-90248

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06190

AFFECTED PRODUCTS

vendor:ciscomodel:rv180 vpn routerscope: - version: -

Trust: 1.2

vendor:ciscomodel:rv180w wireless-n multifunction vpn routerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:rv180 vpn routerscope:eqversion:*

Trust: 1.0

vendor:ciscomodel:rv180 vpn routerscope:eqversion: -

Trust: 0.8

vendor:ciscomodel:rv180w wireless-n multifunction vpn routerscope:eqversion: -

Trust: 0.8

vendor:ciscomodel:rv180w vpn routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv180w wireless-n multifunction vpn routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv180w wireless-n multifunction vpn routerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:rv180 vpn routerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2016-06190 // BID: 92270 // JVNDB: JVNDB-2016-004339 // CNNVD: CNNVD-201608-175 // NVD: CVE-2016-1429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1429
value: HIGH

Trust: 1.0

NVD: CVE-2016-1429
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-06190
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-175
value: HIGH

Trust: 0.6

VULHUB: VHN-90248
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1429
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-06190
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90248
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1429
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06190 // VULHUB: VHN-90248 // JVNDB: JVNDB-2016-004339 // CNNVD: CNNVD-201608-175 // NVD: CVE-2016-1429

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-90248 // JVNDB: JVNDB-2016-004339 // NVD: CVE-2016-1429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-175

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201608-175

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004339

PATCH
title:cisco-sa-20160803-rv180_1url:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1
Trust: 0.8
title:CiscoRV180/RV180W Directory Traversal Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/80284
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-06190 // 
            
            
            
            JVNDB: JVNDB-2016-004339

EXTERNAL IDS
db:NVDid:CVE-2016-1429
Trust: 3.4
db:BIDid:92270
Trust: 1.4
db:SECTRACKid:1036527
Trust: 1.1
db:JVNDBid:JVNDB-2016-004339
Trust: 0.8
db:CNNVDid:CNNVD-201608-175
Trust: 0.7
db:CNVDid:CNVD-2016-06190
Trust: 0.6
db:VULHUBid:VHN-90248
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06190 // 
            
            
            
            VULHUB: VHN-90248 // 
            
            
            
            BID: 92270 // 
            
            
            
            JVNDB: JVNDB-2016-004339 // 
            
            
            
            CNNVD: CNNVD-201608-175 // 
            
            
            
            NVD: CVE-2016-1429

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv180_1
Trust: 2.6
url:http://www.securityfocus.com/bid/92270
Trust: 1.1
url:http://www.securitytracker.com/id/1036527
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1429
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1429
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-06190 // 
            
            
            
            VULHUB: VHN-90248 // 
            
            
            
            BID: 92270 // 
            
            
            
            JVNDB: JVNDB-2016-004339 // 
            
            
            
            CNNVD: CNNVD-201608-175 // 
            
            
            
            NVD: CVE-2016-1429

CREDITS
Harri Kuosmanen.
Trust: 0.3
sources:
            
            
            BID: 92270

SOURCES
db:CNVDid:CNVD-2016-06190
db:VULHUBid:VHN-90248
db:BIDid:92270
db:JVNDBid:JVNDB-2016-004339
db:CNNVDid:CNNVD-201608-175
db:NVDid:CVE-2016-1429

LAST UPDATE DATE
2024-11-23T22:49:14.313000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-06190date:2016-08-10T00:00:00
db:VULHUBid:VHN-90248date:2017-08-16T00:00:00
db:BIDid:92270date:2016-08-03T00:00:00
db:JVNDBid:JVNDB-2016-004339date:2016-08-17T00:00:00
db:CNNVDid:CNNVD-201608-175date:2016-08-08T00:00:00
db:NVDid:CVE-2016-1429date:2024-11-21T02:46:25.653

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-06190date:2016-08-10T00:00:00
db:VULHUBid:VHN-90248date:2016-08-08T00:00:00
db:BIDid:92270date:2016-08-03T00:00:00
db:JVNDBid:JVNDB-2016-004339date:2016-08-17T00:00:00
db:CNNVDid:CNNVD-201608-175date:2016-08-08T00:00:00
db:NVDid:CVE-2016-1429date:2016-08-08T00:59:02.373