Details of VAR-201608-0235

ID

VAR-201608-0235

CVE

CVE-2016-1430

TITLE

Cisco RV180 and RV180W In the device root Vulnerability to execute arbitrary commands with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-004340

DESCRIPTION

Cisco RV180 and RV180W devices allow remote authenticated users to execute arbitrary commands as root via a crafted HTTP request, aka Bug ID CSCuz48592. The Cisco RV180 and RV180W are wireless multifunction VPN routers. The web interface of Cisco RV180 and RV180W does not correctly verify that there is a security vulnerability in the HTTP request. This issue is being tracked by Cisco bug ID CSCuz48592. Both Cisco RV180 and RV180W are router products of Cisco (Cisco)

Trust: 2.52

sources: NVD: CVE-2016-1430 // JVNDB: JVNDB-2016-004340 // CNVD: CNVD-2016-06187 // BID: 92275 // VULHUB: VHN-90249

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06187

AFFECTED PRODUCTS

vendor:	cisco	model:	rv180 vpn router	scope:	-	version:	-	Trust: 1.2
vendor:	cisco	model:	rv180w vpn router	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	rv180 vpn router	scope:	eq	version:	*	Trust: 1.0
vendor:	cisco	model:	rv180 vpn router	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	rv180w wireless-n multifunction vpn router	scope:	eq	version:	-	Trust: 0.8
vendor:	cisco	model:	rv180w wireless-n multifunction vpn router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv180w vpn router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv180w wireless-n multifunction vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv180 vpn router	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-06187 // BID: 92275 // JVNDB: JVNDB-2016-004340 // CNNVD: CNNVD-201608-176 // NVD: CVE-2016-1430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1430
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1430
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-06187
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201608-176
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-90249
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1430
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-06187
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90249
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1430
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06187 // VULHUB: VHN-90249 // JVNDB: JVNDB-2016-004340 // CNNVD: CNNVD-201608-176 // NVD: CVE-2016-1430

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90249 // JVNDB: JVNDB-2016-004340 // NVD: CVE-2016-1430

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-176

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201608-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004340

PATCH

title:

cisco-sa-20160803-rv180_2

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2

Trust: 0.8

sources: JVNDB: JVNDB-2016-004340

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1430	Trust: 3.4
db:	BID	id:	92275	Trust: 2.0
db:	SECTRACK	id:	1036525	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004340	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-176	Trust: 0.7
db:	CNVD	id:	CNVD-2016-06187	Trust: 0.6
db:	VULHUB	id:	VHN-90249	Trust: 0.1

sources: CNVD: CNVD-2016-06187 // VULHUB: VHN-90249 // BID: 92275 // JVNDB: JVNDB-2016-004340 // CNNVD: CNNVD-201608-176 // NVD: CVE-2016-1430

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv180_2	Trust: 2.6
url:	http://www.securityfocus.com/bid/92275	Trust: 1.1
url:	http://www.securitytracker.com/id/1036525	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1430	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1430	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-06187 // VULHUB: VHN-90249 // BID: 92275 // JVNDB: JVNDB-2016-004340 // CNNVD: CNNVD-201608-176 // NVD: CVE-2016-1430

CREDITS

Harri Kuosmanen

Trust: 0.3

sources: BID: 92275

SOURCES

db:	CNVD	id:	CNVD-2016-06187
db:	VULHUB	id:	VHN-90249
db:	BID	id:	92275
db:	JVNDB	id:	JVNDB-2016-004340
db:	CNNVD	id:	CNNVD-201608-176
db:	NVD	id:	CVE-2016-1430

LAST UPDATE DATE

2024-11-23T22:22:44.422000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06187	date:	2016-08-10T00:00:00
db:	VULHUB	id:	VHN-90249	date:	2017-08-16T00:00:00
db:	BID	id:	92275	date:	2016-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-004340	date:	2016-08-17T00:00:00
db:	CNNVD	id:	CNNVD-201608-176	date:	2016-08-08T00:00:00
db:	NVD	id:	CVE-2016-1430	date:	2024-11-21T02:46:25.767

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06187	date:	2016-08-10T00:00:00
db:	VULHUB	id:	VHN-90249	date:	2016-08-08T00:00:00
db:	BID	id:	92275	date:	2016-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-004340	date:	2016-08-17T00:00:00
db:	CNNVD	id:	CNNVD-201608-176	date:	2016-08-08T00:00:00
db:	NVD	id:	CVE-2016-1430	date:	2016-08-08T00:59:04