Details of VAR-201901-0351

ID

VAR-201901-0351

CVE

CVE-2019-1653

TITLE

Cisco Small Business RV320 and RV325 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001420

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. Cisco Small Business RV320 and RV325 Contains an access control vulnerability.Information may be obtained. CiscoSmallBusinessRV320 and RV325 are enterprise routers from Cisco. An information disclosure vulnerability exists in the Web-based management interface of CiscoSmallBusinessRV320 and RV325 using firmware version 1.4.2.15 to version 1.4.2.19. Remote attackers can connect via HTTP or HTTPS. This may lead to other attacks. This issue is being tracked by the Cisco Bug ID CSCvg85922. The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable: Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17. Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17

Trust: 2.61

sources: NVD: CVE-2019-1653 // JVNDB: JVNDB-2019-001420 // CNVD: CNVD-2019-02748 // BID: 106732 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-02748

AFFECTED PRODUCTS

vendor:	cisco	model:	rv325	scope:	eq	version:	1.4.2.15	Trust: 1.0
vendor:	cisco	model:	rv320	scope:	eq	version:	1.4.2.17	Trust: 1.0
vendor:	cisco	model:	rv325	scope:	eq	version:	1.4.2.17	Trust: 1.0
vendor:	cisco	model:	rv320	scope:	eq	version:	1.4.2.15	Trust: 1.0
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business rv320	scope:	gte	version:	1.4.2.15,<=1.4.2.19	Trust: 0.6
vendor:	cisco	model:	small business rv325	scope:	gte	version:	1.4.2.15,<=1.4.2.19	Trust: 0.6
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.17	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.15	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.17	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	eq	version:	1.4.2.15	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	ne	version:	1.4.2.20	Trust: 0.3
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	ne	version:	1.4.2.19	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	ne	version:	1.4.2.20	Trust: 0.3
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	ne	version:	1.4.2.19	Trust: 0.3

sources: CNVD: CNVD-2019-02748 // BID: 106732 // JVNDB: JVNDB-2019-001420 // NVD: CVE-2019-1653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1653
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1653
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-1653
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-02748
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201901-876
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148685
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-1653
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1653
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-02748
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-148685
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1653
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1653
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-02748 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876 // NVD: CVE-2019-1653 // NVD: CVE-2019-1653

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.9
problemtype:	CWE-200	Trust: 1.1

sources: VULHUB: VHN-148685 // JVNDB: JVNDB-2019-001420 // NVD: CVE-2019-1653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-876

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001420

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-148685 // VULMON: CVE-2019-1653

PATCH

title:	cisco-sa-20190123-rv-info	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info	Trust: 0.8
title:	Patch for CiscoSmallBusinessRV320 and RV325 Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/151517	Trust: 0.6
title:	Cisco Small Business RV320 and RV325 Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88951	Trust: 0.6
title:	Cisco: Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190123-rv-info	Trust: 0.1
title:	CISCOSPIL	url:	https://github.com/bibortone/CISCOSPIL	Trust: 0.1
title:	CVE-2019-1653	url:	https://github.com/dubfr33/CVE-2019-1653	Trust: 0.1
title:	CiscoSpill	url:	https://github.com/shaheemirza/CiscoSpill	Trust: 0.1
title:	CiscoRV320Dump	url:	https://github.com/0x27/CiscoRV320Dump	Trust: 0.1
title:	CiscoExploit	url:	https://github.com/k8gege/CiscoExploit	Trust: 0.1
title:	nuclei-templates	url:	https://github.com/storenth/nuclei-templates	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1
title:	kenzer-templates	url:	https://github.com/Elsfa7-110/kenzer-templates	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/developer3000S/PoC-in-GitHub	Trust: 0.1
title:	CVE-POC	url:	https://github.com/0xT11/CVE-POC	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/hectorgie/PoC-in-GitHub	Trust: 0.1
title:	PoC-in-GitHub	url:	https://github.com/nomi-sec/PoC-in-GitHub	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/chinese-hackers-exploit-cisco-citrix-espionage/154133/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-finally-patches-routers-bugs-as-new-unpatched-flaws-surface/143528/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/scans-cisco-routers-code-execution/141218/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2019/01/26/security_roundup_250119/	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2019/01/24/cisco_sd_wan_bugs/	Trust: 0.1

sources: CNVD: CNVD-2019-02748 // VULMON: CVE-2019-1653 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1653	Trust: 3.5
db:	BID	id:	106732	Trust: 2.1
db:	EXPLOIT-DB	id:	46655	Trust: 1.8
db:	EXPLOIT-DB	id:	46262	Trust: 1.8
db:	PACKETSTORM	id:	152305	Trust: 1.8
db:	PACKETSTORM	id:	152261	Trust: 1.8
db:	PACKETSTORM	id:	152260	Trust: 1.8
db:	JVNDB	id:	JVNDB-2019-001420	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-876	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0217.4	Trust: 0.6
db:	CNVD	id:	CNVD-2019-02748	Trust: 0.6
db:	NSFOCUS	id:	43903	Trust: 0.6
db:	PACKETSTORM	id:	151311	Trust: 0.1
db:	PACKETSTORM	id:	151374	Trust: 0.1
db:	PACKETSTORM	id:	151312	Trust: 0.1
db:	SEEBUG	id:	SSVID-97779	Trust: 0.1
db:	SEEBUG	id:	SSVID-97874	Trust: 0.1
db:	VULHUB	id:	VHN-148685	Trust: 0.1
db:	VULMON	id:	CVE-2019-1653	Trust: 0.1

sources: CNVD: CNVD-2019-02748 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653 // BID: 106732 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876 // NVD: CVE-2019-1653

REFERENCES

url:	http://www.securityfocus.com/bid/106732	Trust: 3.1
url:	http://packetstormsecurity.com/files/152261/cisco-rv320-unauthenticated-diagnostic-data-retrieval.html	Trust: 3.0
url:	http://packetstormsecurity.com/files/152305/cisco-rv320-rv325-unauthenticated-remote-code-execution.html	Trust: 3.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-rv-info	Trust: 2.8
url:	http://packetstormsecurity.com/files/152260/cisco-rv320-unauthenticated-configuration-export.html	Trust: 2.4
url:	https://seclists.org/bugtraq/2019/mar/53	Trust: 1.8
url:	https://seclists.org/bugtraq/2019/mar/54	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46262/	Trust: 1.8
url:	https://www.exploit-db.com/exploits/46655/	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/mar/59	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2019/mar/60	Trust: 1.8
url:	https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/	Trust: 1.8
url:	https://threatpost.com/scans-cisco-routers-code-execution/141218/	Trust: 1.8
url:	https://www.youtube.com/watch?v=bx0rqjdlgby	Trust: 1.8
url:	https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1653	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1653	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/74530	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/43903	Trust: 0.6
url:	https://www.exploit-db.com/exploits/46655	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://www.redteam-pentesting.de/en/advisories/rt-sa-2018-003/-cisco-rv320-unauthenticated-diagnostic-data-retrieval	Trust: 0.3
url:	https://software.cisco.com/download/home/284005929/type/282465789/release/1.4.2.20	Trust: 0.3
url:	https://software.cisco.com/download/home/284005936/type/282465789/release/1.4.2.20	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/46262	Trust: 0.1
url:	https://github.com/dubfr33/cve-2019-1653	Trust: 0.1

sources: CNVD: CNVD-2019-02748 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653 // BID: 106732 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876 // NVD: CVE-2019-1653

CREDITS

RedTeam Pentesting GmbH?.,Philip Huppert,redteam-pentesting.de,Metasploit,Cisco would like to thank RedTeam Pentesting GmbH?for reporting this vulnerability.,RedTeam Pentesting GmbH.

Trust: 0.6

sources: CNNVD: CNNVD-201901-876

SOURCES

db:	CNVD	id:	CNVD-2019-02748
db:	VULHUB	id:	VHN-148685
db:	VULMON	id:	CVE-2019-1653
db:	BID	id:	106732
db:	JVNDB	id:	JVNDB-2019-001420
db:	CNNVD	id:	CNNVD-201901-876
db:	NVD	id:	CVE-2019-1653

LAST UPDATE DATE

2024-08-14T14:51:22.194000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-02748	date:	2019-01-25T00:00:00
db:	VULHUB	id:	VHN-148685	date:	2020-10-05T00:00:00
db:	VULMON	id:	CVE-2019-1653	date:	2020-10-05T00:00:00
db:	BID	id:	106732	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001420	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-876	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2019-1653	date:	2020-10-05T19:37:49.930

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-02748	date:	2019-01-25T00:00:00
db:	VULHUB	id:	VHN-148685	date:	2019-01-24T00:00:00
db:	VULMON	id:	CVE-2019-1653	date:	2019-01-24T00:00:00
db:	BID	id:	106732	date:	2019-01-23T00:00:00
db:	JVNDB	id:	JVNDB-2019-001420	date:	2019-03-05T00:00:00
db:	CNNVD	id:	CNNVD-201901-876	date:	2019-01-24T00:00:00
db:	NVD	id:	CVE-2019-1653	date:	2019-01-24T16:29:00.317