ID

VAR-201901-0351


CVE

CVE-2019-1653


TITLE

Cisco Small Business RV320 and RV325 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-001420

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability. Cisco Small Business RV320 and RV325 Contains an access control vulnerability.Information may be obtained. CiscoSmallBusinessRV320 and RV325 are enterprise routers from Cisco. An information disclosure vulnerability exists in the Web-based management interface of CiscoSmallBusinessRV320 and RV325 using firmware version 1.4.2.15 to version 1.4.2.19. Remote attackers can connect via HTTP or HTTPS. This may lead to other attacks. This issue is being tracked by the Cisco Bug ID CSCvg85922. The following version of Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers are vulnerable: Cisco RV320 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17. Cisco RV325 Dual Gigabit WAN VPN Router version 1.4.2.15 and 1.4.2.17

Trust: 2.61

sources: NVD: CVE-2019-1653 // JVNDB: JVNDB-2019-001420 // CNVD: CNVD-2019-02748 // BID: 106732 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-02748

AFFECTED PRODUCTS

vendor:ciscomodel:rv325scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.17

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.4.2.17

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:small business rv320scope:gteversion:1.4.2.15,<=1.4.2.19

Trust: 0.6

vendor:ciscomodel:small business rv325scope:gteversion:1.4.2.15,<=1.4.2.19

Trust: 0.6

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.17

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:eqversion:1.4.2.15

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.17

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:eqversion:1.4.2.15

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:neversion:1.4.2.20

Trust: 0.3

vendor:ciscomodel:rv325 dual gigabit wan vpn routerscope:neversion:1.4.2.19

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:neversion:1.4.2.20

Trust: 0.3

vendor:ciscomodel:rv320 dual gigabit wan vpn routerscope:neversion:1.4.2.19

Trust: 0.3

sources: CNVD: CNVD-2019-02748 // BID: 106732 // JVNDB: JVNDB-2019-001420 // NVD: CVE-2019-1653

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1653
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1653
value: HIGH

Trust: 1.0

NVD: CVE-2019-1653
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-02748
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201901-876
value: HIGH

Trust: 0.6

VULHUB: VHN-148685
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-1653
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1653
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-02748
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-148685
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1653
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1653
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-02748 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876 // NVD: CVE-2019-1653 // NVD: CVE-2019-1653

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.9

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-148685 // JVNDB: JVNDB-2019-001420 // NVD: CVE-2019-1653

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-876

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201901-876

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001420

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-148685 // VULMON: CVE-2019-1653

PATCH

title:cisco-sa-20190123-rv-infourl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info

Trust: 0.8

title:Patch for CiscoSmallBusinessRV320 and RV325 Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/151517

Trust: 0.6

title:Cisco Small Business RV320 and RV325 Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88951

Trust: 0.6

title:Cisco: Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190123-rv-info

Trust: 0.1

title:CISCOSPILurl:https://github.com/bibortone/CISCOSPIL

Trust: 0.1

title:CVE-2019-1653url:https://github.com/dubfr33/CVE-2019-1653

Trust: 0.1

title:CiscoSpillurl:https://github.com/shaheemirza/CiscoSpill

Trust: 0.1

title:CiscoRV320Dumpurl:https://github.com/0x27/CiscoRV320Dump

Trust: 0.1

title:CiscoExploiturl:https://github.com/k8gege/CiscoExploit

Trust: 0.1

title:nuclei-templatesurl:https://github.com/storenth/nuclei-templates

Trust: 0.1

title:kenzer-templatesurl:https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

title:kenzer-templatesurl:https://github.com/Elsfa7-110/kenzer-templates

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:Threatposturl:https://threatpost.com/chinese-hackers-exploit-cisco-citrix-espionage/154133/

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-finally-patches-routers-bugs-as-new-unpatched-flaws-surface/143528/

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-releases-flood-of-patches-for-ios-xe-and-small-business-routers/143228/

Trust: 0.1

title:Threatposturl:https://threatpost.com/scans-cisco-routers-code-execution/141218/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2019/01/26/security_roundup_250119/

Trust: 0.1

title:The Registerurl:https://www.theregister.co.uk/2019/01/24/cisco_sd_wan_bugs/

Trust: 0.1

sources: CNVD: CNVD-2019-02748 // VULMON: CVE-2019-1653 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876

EXTERNAL IDS

db:NVDid:CVE-2019-1653

Trust: 3.5

db:BIDid:106732

Trust: 2.1

db:EXPLOIT-DBid:46655

Trust: 1.8

db:EXPLOIT-DBid:46262

Trust: 1.8

db:PACKETSTORMid:152305

Trust: 1.8

db:PACKETSTORMid:152261

Trust: 1.8

db:PACKETSTORMid:152260

Trust: 1.8

db:JVNDBid:JVNDB-2019-001420

Trust: 0.8

db:CNNVDid:CNNVD-201901-876

Trust: 0.7

db:AUSCERTid:ESB-2019.0217.4

Trust: 0.6

db:CNVDid:CNVD-2019-02748

Trust: 0.6

db:NSFOCUSid:43903

Trust: 0.6

db:PACKETSTORMid:151311

Trust: 0.1

db:PACKETSTORMid:151374

Trust: 0.1

db:PACKETSTORMid:151312

Trust: 0.1

db:SEEBUGid:SSVID-97779

Trust: 0.1

db:SEEBUGid:SSVID-97874

Trust: 0.1

db:VULHUBid:VHN-148685

Trust: 0.1

db:VULMONid:CVE-2019-1653

Trust: 0.1

sources: CNVD: CNVD-2019-02748 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653 // BID: 106732 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876 // NVD: CVE-2019-1653

REFERENCES

url:http://www.securityfocus.com/bid/106732

Trust: 3.1

url:http://packetstormsecurity.com/files/152261/cisco-rv320-unauthenticated-diagnostic-data-retrieval.html

Trust: 3.0

url:http://packetstormsecurity.com/files/152305/cisco-rv320-rv325-unauthenticated-remote-code-execution.html

Trust: 3.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-rv-info

Trust: 2.8

url:http://packetstormsecurity.com/files/152260/cisco-rv320-unauthenticated-configuration-export.html

Trust: 2.4

url:https://seclists.org/bugtraq/2019/mar/53

Trust: 1.8

url:https://seclists.org/bugtraq/2019/mar/54

Trust: 1.8

url:https://www.exploit-db.com/exploits/46262/

Trust: 1.8

url:https://www.exploit-db.com/exploits/46655/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/mar/59

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/mar/60

Trust: 1.8

url:https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-2019-1653/

Trust: 1.8

url:https://threatpost.com/scans-cisco-routers-code-execution/141218/

Trust: 1.8

url:https://www.youtube.com/watch?v=bx0rqjdlgby

Trust: 1.8

url:https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1653

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-1653

Trust: 0.8

url:https://www.auscert.org.au/bulletins/74530

Trust: 0.6

url:http://www.nsfocus.net/vulndb/43903

Trust: 0.6

url:https://www.exploit-db.com/exploits/46655

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

url:https://www.redteam-pentesting.de/en/advisories/rt-sa-2018-003/-cisco-rv320-unauthenticated-diagnostic-data-retrieval

Trust: 0.3

url:https://software.cisco.com/download/home/284005929/type/282465789/release/1.4.2.20

Trust: 0.3

url:https://software.cisco.com/download/home/284005936/type/282465789/release/1.4.2.20

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/46262

Trust: 0.1

url:https://github.com/dubfr33/cve-2019-1653

Trust: 0.1

sources: CNVD: CNVD-2019-02748 // VULHUB: VHN-148685 // VULMON: CVE-2019-1653 // BID: 106732 // JVNDB: JVNDB-2019-001420 // CNNVD: CNNVD-201901-876 // NVD: CVE-2019-1653

CREDITS

RedTeam Pentesting GmbH?.,Philip Huppert,redteam-pentesting.de,Metasploit,Cisco would like to thank RedTeam Pentesting GmbH?for reporting this vulnerability.,RedTeam Pentesting GmbH.

Trust: 0.6

sources: CNNVD: CNNVD-201901-876

SOURCES

db:CNVDid:CNVD-2019-02748
db:VULHUBid:VHN-148685
db:VULMONid:CVE-2019-1653
db:BIDid:106732
db:JVNDBid:JVNDB-2019-001420
db:CNNVDid:CNNVD-201901-876
db:NVDid:CVE-2019-1653

LAST UPDATE DATE

2024-11-23T21:37:47.296000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2019-02748date:2019-01-25T00:00:00
db:VULHUBid:VHN-148685date:2020-10-05T00:00:00
db:VULMONid:CVE-2019-1653date:2020-10-05T00:00:00
db:BIDid:106732date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001420date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-876date:2020-10-09T00:00:00
db:NVDid:CVE-2019-1653date:2024-11-21T04:37:01.223

SOURCES RELEASE DATE

db:CNVDid:CNVD-2019-02748date:2019-01-25T00:00:00
db:VULHUBid:VHN-148685date:2019-01-24T00:00:00
db:VULMONid:CVE-2019-1653date:2019-01-24T00:00:00
db:BIDid:106732date:2019-01-23T00:00:00
db:JVNDBid:JVNDB-2019-001420date:2019-03-05T00:00:00
db:CNNVDid:CNNVD-201901-876date:2019-01-24T00:00:00
db:NVDid:CVE-2019-1653date:2019-01-24T16:29:00.317