Details of VAR-201901-0350

ID

VAR-201901-0350

CVE

CVE-2019-1652

TITLE

Cisco Small Business RV320 and RV325 Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001419

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability. Cisco Small Business RV320 and RV325 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CiscoSmallBusinessRV320 and RV325 are enterprise routers from Cisco. A command injection vulnerability exists in CiscoSmallBusinessRV320 and RV325 that uses firmware version 1.4.2.15 through 1.4.2.19. This issue is being tracked by Cisco Bug ID CSCvm78058. The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable: Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 through 1.4.2.19. Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 through 1.4.2.19

Trust: 2.61

sources: NVD: CVE-2019-1652 // JVNDB: JVNDB-2019-001419 // CNVD: CNVD-2019-02747 // BID: 106728 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-02747

AFFECTED PRODUCTS

vendor:	cisco	model:	rv325	scope:	eq	version:	1.4.2.15	Trust: 1.0
vendor:	cisco	model:	rv320	scope:	eq	version:	1.4.2.15	Trust: 1.0
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business rv320	scope:	gte	version:	1.4.2.15,<=1.4.2.19	Trust: 0.6
vendor:	cisco	model:	small business rv325	scope:	gte	version:	1.4.2.15,<=1.4.2.19	Trust: 0.6
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.19	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.18	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.17	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.16	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.15	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.19	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.18	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.17	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.16	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.15	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	ne	version:	1.4.2.20	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	ne	version:	1.4.2.20	Trust: 0.3

sources: CNVD: CNVD-2019-02747 // BID: 106728 // JVNDB: JVNDB-2019-001419 // NVD: CVE-2019-1652

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1652
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1652
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1652
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-02747
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201901-877
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148674
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-1652
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-1652
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-02747
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148674
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1652
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1652
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-02747 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877 // NVD: CVE-2019-1652 // NVD: CVE-2019-1652

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.9
problemtype:	CWE-78	Trust: 1.1

sources: VULHUB: VHN-148674 // JVNDB: JVNDB-2019-001419 // NVD: CVE-2019-1652

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-877

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-877

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001419

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-148674 // VULMON: CVE-2019-1652

PATCH

title:	cisco-sa-20190123-rv-inject	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject	Trust: 0.8
title:	Patch for CiscoSmallBusinessRV320 and RV325 Command Injection Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/151511	Trust: 0.6
title:	Cisco Small Business RV320 and RV325 Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88950	Trust: 0.6
title:	Cisco: Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190123-rv-inject	Trust: 0.1
title:	CiscoRV320Dump	url:	https://github.com/0x27/CiscoRV320Dump	Trust: 0.1
title:	CiscoExploit	url:	https://github.com/k8gege/CiscoExploit	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/chinese-hackers-exploit-cisco-citrix-espionage/154133/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-finally-patches-routers-bugs-as-new-unpatched-flaws-surface/143528/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/scans-cisco-routers-code-execution/141218/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2019/01/26/security_roundup_250119/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2019/01/24/cisco_sd_wan_bugs/	Trust: 0.1

sources: CNVD: CNVD-2019-02747 // VULMON: CVE-2019-1652 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1652	Trust: 3.5
db:	BID	id:	106728	Trust: 2.1
db:	EXPLOIT-DB	id:	46655	Trust: 1.8
db:	EXPLOIT-DB	id:	46243	Trust: 1.8
db:	PACKETSTORM	id:	152305	Trust: 1.8
db:	PACKETSTORM	id:	152262	Trust: 1.8
db:	JVNDB	id:	JVNDB-2019-001419	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-877	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0217.4	Trust: 0.6
db:	CNVD	id:	CNVD-2019-02747	Trust: 0.6
db:	NSFOCUS	id:	43901	Trust: 0.6
db:	PACKETSTORM	id:	151313	Trust: 0.1
db:	SEEBUG	id:	SSVID-97781	Trust: 0.1
db:	SEEBUG	id:	SSVID-97873	Trust: 0.1
db:	VULHUB	id:	VHN-148674	Trust: 0.1
db:	VULMON	id:	CVE-2019-1652	Trust: 0.1

sources: CNVD: CNVD-2019-02747 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652 // BID: 106728 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877 // NVD: CVE-2019-1652

REFERENCES

url:	http://packetstormsecurity.com/files/152262/cisco-rv320-command-injection.html	Trust: 3.0
url:	http://packetstormsecurity.com/files/152305/cisco-rv320-rv325-unauthenticated-remote-code-execution.html	Trust: 3.0
url:	http://www.securityfocus.com/bid/106728	Trust: 2.5
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-rv-inject	Trust: 2.2
url:	https://seclists.org/bugtraq/2019/mar/55	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46243/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46655/	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/mar/61	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1652	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1652	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/74530	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43901	Trust: 0.6
url:	https://www.exploit-db.com/exploits/46655	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://www.redteam-pentesting.de/en/advisories/rt-sa-2018-004/-cisco-rv320-command-injection	Trust: 0.3
url:	https://software.cisco.com/download/home/284005929/type/282465789/release/1.4.2.20	Trust: 0.3
url:	https://software.cisco.com/download/home/284005936/type/282465789/release/1.4.2.20	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/46243	Trust: 0.1
url:	https://github.com/0x27/ciscorv320dump	Trust: 0.1

sources: CNVD: CNVD-2019-02747 // VULHUB: VHN-148674 // VULMON: CVE-2019-1652 // BID: 106728 // JVNDB: JVNDB-2019-001419 // CNNVD: CNNVD-201901-877 // NVD: CVE-2019-1652

CREDITS

RedTeam Pentesting GmbH .,Philip Huppert,redteam-pentesting.de,Cisco would like to thank RedTeam Pentesting GmbH for reporting this vulnerability.,Metasploit,RedTeam Pentesting GmbH.

Trust: 0.6

sources: CNNVD: CNNVD-201901-877

SOURCES

db:	CNVD	id:	CNVD-2019-02747
db:	VULHUB	id:	VHN-148674
db:	VULMON	id:	CVE-2019-1652
db:	BID	id:	106728
db:	JVNDB	id:	JVNDB-2019-001419
db:	CNNVD	id:	CNNVD-201901-877
db:	NVD	id:	CVE-2019-1652

LAST UPDATE DATE

2024-08-14T14:51:22.241000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-02747	date:	2019-01-25T00:00:00
db:	VULHUB	id:	VHN-148674	date:	2020-10-05T00:00:00
db:	VULMON	id:	CVE-2019-1652	date:	2020-10-05T00:00:00
db:	BID	id:	106728	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001419	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-877	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-1652	date:	2020-10-05T19:34:56.353

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-02747	date:	2019-01-25T00:00:00
db:	VULHUB	id:	VHN-148674	date:	2019-01-24T00:00:00
db:	VULMON	id:	CVE-2019-1652	date:	2019-01-24T00:00:00
db:	BID	id:	106728	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001419	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-877	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-1652	date:	2019-01-24T15:29:00.953