ID

VAR-201901-0350


CVE

CVE-2019-1652


TITLE

Cisco Small Business RV320 and RV325 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001419

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. Cisco Small Business RV320 and RV325 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoSmallBusinessRV320 and RV325 are enterprise routers from Cisco. A command injection vulnerability exists in CiscoSmallBusinessRV320 and RV325 that uses firmware version 1.4.2.15 through 1.4.2.19. This issue is being tracked by Cisco Bug ID CSCvm78058. The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable: Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 through 1.4.2.19. Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 through 1.4.2.19

Trust: 2.61

sources: NVD: CVE-2019-1652 // JVNDB: JVNDB-2019-001419 // CNVD: CNVD-2019-02747 // BID: 106728 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-02747

AFFECTED PRODUCTS

vendor:ciscomodel:rv325scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:small business rv320scope:gteversion:1.4.2.15,<=1.4.2.19

Trust: 0.6

vendor:ciscomodel:small business rv325scope:gteversion:1.4.2.15,<=1.4.2.19

Trust: 0.6

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.19

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.18

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.17

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.16

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.15

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.19

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.18

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.17

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.16

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.15

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:neversion:1.4.2.20

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:neversion:1.4.2.20

Trust: 0.3

sources: CNVD: CNVD-2019-02747 // BID: 106728 // JVNDB: JVNDB-2019-001419 // NVD: CVE-2019-1652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1652
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1652
value: HIGH

Trust: 1.0

NVD: CVE-2019-1652
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-02747
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-877
value: HIGH

Trust: 0.6

VULHUB: VHN-148674
value: HIGH

Trust: 0.1

VULMON: CVE-2019-1652
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-1652
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-02747
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148674
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1652
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1652
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-02747 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877 // NVD: CVE-2019-1652 // NVD: CVE-2019-1652

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-78

Trust: 1.1

sources: VULHUB: VHN-148674 // JVNDB: JVNDB-2019-001419 // NVD: CVE-2019-1652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-877

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-877

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001419

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-148674 // VULMON: CVE-2019-1652

PATCH

title:cisco-sa-20190123-rv-injecturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject

Trust: 0.8

title:Patch for CiscoSmallBusinessRV320 and RV325 Command Injection Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/151511

Trust: 0.6

title:Cisco Small Business RV320 and RV325 Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88950

Trust: 0.6

title:Cisco: Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190123-rv-inject

Trust: 0.1

title:CiscoRV320Dumpurl:https://github.com/0x27/CiscoRV320Dump

Trust: 0.1

title:CiscoExploiturl:https://github.com/k8gege/CiscoExploit

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:Threatposturl:https://threatpost.com/chinese-hackers-exploit-cisco-citrix-espionage/154133/

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-finally-patches-routers-bugs-as-new-unpatched-flaws-surface/143528/

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/

Trust: 0.1

title:Threatposturl:https://threatpost.com/scans-cisco-routers-code-execution/141218/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2019/01/26/security_roundup_250119/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2019/01/24/cisco_sd_wan_bugs/

Trust: 0.1

sources: CNVD: CNVD-2019-02747 // VULMON: CVE-2019-1652 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877

EXTERNAL IDS

db:NVDid:CVE-2019-1652

Trust: 3.5

db:BIDid:106728

Trust: 2.1

db:EXPLOIT-DBid:46655

Trust: 1.8

db:EXPLOIT-DBid:46243

Trust: 1.8

db:PACKETSTORMid:152305

Trust: 1.8

db:PACKETSTORMid:152262

Trust: 1.8

db:JVNDBid:JVNDB-2019-001419

Trust: 0.8

db:CNNVDid:CNNVD-201901-877

Trust: 0.7

db:AUSCERTid:ESB-2019.0217.4

Trust: 0.6

db:CNVDid:CNVD-2019-02747

Trust: 0.6

db:NSFOCUSid:43901

Trust: 0.6

db:PACKETSTORMid:151313

Trust: 0.1

db:SEEBUGid:SSVID-97781

Trust: 0.1

db:SEEBUGid:SSVID-97873

Trust: 0.1

db:VULHUBid:VHN-148674

Trust: 0.1

db:VULMONid:CVE-2019-1652

Trust: 0.1

sources: CNVD: CNVD-2019-02747 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652 // BID: 106728 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877 // NVD: CVE-2019-1652

REFERENCES

url:http://packetstormsecurity.com/files/152262/cisco-rv320-command-injection.html

Trust: 3.0

url:http://packetstormsecurity.com/files/152305/cisco-rv320-rv325-unauthenticated-remote-code-execution.html

Trust: 3.0

url:http://www.securityfocus.com/bid/106728

Trust: 2.5

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-rv-inject

Trust: 2.2

url:https://seclists.org/bugtraq/2019/mar/55

Trust: 1.8

url:https://www.exploit-db.com/exploits/46243/

Trust: 1.8

url:https://www.exploit-db.com/exploits/46655/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/mar/61

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1652

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1652

Trust: 0.8

url:https://www.auscert.org.au/bulletins/74530

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43901

Trust: 0.6

url:https://www.exploit-db.com/exploits/46655

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://www.redteam-pentesting.de/en/advisories/rt-sa-2018-004/-cisco-rv320-command-injection

Trust: 0.3

url:https://software.cisco.com/download/home/284005929/type/282465789/release/1.4.2.20

Trust: 0.3

url:https://software.cisco.com/download/home/284005936/type/282465789/release/1.4.2.20

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/46243

Trust: 0.1

url:https://github.com/0x27/ciscorv320dump

Trust: 0.1

sources: CNVD: CNVD-2019-02747 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652 // BID: 106728 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877 // NVD: CVE-2019-1652

CREDITS

RedTeam Pentesting GmbH .,Philip Huppert,redteam-pentesting.de,Cisco would like to thank RedTeam Pentesting GmbH for reporting this vulnerability.,Metasploit,RedTeam Pentesting GmbH.

Trust: 0.6

sources: CNNVD: CNNVD-201901-877

SOURCES

db:CNVDid:CNVD-2019-02747
db:VULHUBid:VHN-148674
db:VULMONid:CVE-2019-1652
db:BIDid:106728
db:JVNDBid:JVNDB-2019-001419
db:CNNVDid:CNNVD-201901-877
db:NVDid:CVE-2019-1652

LAST UPDATE DATE

2024-08-14T14:51:22.241000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-02747date:2019-01-25T00:00:00
db:VULHUBid:VHN-148674date:2020-10-05T00:00:00
db:VULMONid:CVE-2019-1652date:2020-10-05T00:00:00
db:BIDid:106728date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001419date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-877date:2020-10-09T00:00:00
db:NVDid:CVE-2019-1652date:2020-10-05T19:34:56.353

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-02747date:2019-01-25T00:00:00
db:VULHUBid:VHN-148674date:2019-01-24T00:00:00
db:VULMONid:CVE-2019-1652date:2019-01-24T00:00:00
db:BIDid:106728date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001419date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-877date:2019-01-24T00:00:00
db:NVDid:CVE-2019-1652date:2019-01-24T15:29:00.953