Details of VAR-201904-0414

ID

VAR-201904-0414

CVE

CVE-2019-1828

TITLE

Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Router Vulnerabilities in the use of cryptographic algorithms

Trust: 0.8

sources: JVNDB: JVNDB-2019-003275

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. Cisco Small Business RV320 and Cisco Small Business RV325 are both a VPN router from Cisco in the United States. Cisco Small Business RV320 and Cisco Small Business RV325 have vulnerabilities in encryption problems. Attackers can use this vulnerability to obtain sensitive information. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCvp09573

Trust: 2.43

sources: NVD: CVE-2019-1828 // JVNDB: JVNDB-2019-003275 // CNVD: CNVD-2020-22328 // BID: 107774

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-22328

AFFECTED PRODUCTS

vendor:	cisco	model:	rv325	scope:	lt	version:	1.4.2.22	Trust: 1.0
vendor:	cisco	model:	rv320	scope:	lt	version:	1.4.2.22	Trust: 1.0
vendor:	cisco	model:	rv320 dual gigabit wan vpn router	scope:	lt	version:	1.4.2.22	Trust: 0.8
vendor:	cisco	model:	rv325 dual gigabit wan vpn router	scope:	lt	version:	1.4.2.22	Trust: 0.8
vendor:	cisco	model:	small business rv320	scope:	eq	version:	1.4.2.22	Trust: 0.6
vendor:	cisco	model:	small business rv325	scope:	eq	version:	1.4.2.22	Trust: 0.6
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.4.2.20	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.4.2.17	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.4.2.15	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	eq	version:	1.4.2.14	Trust: 0.3
vendor:	cisco	model:	small business rv series routers	scope:	ne	version:	1.4.2.22	Trust: 0.3

sources: CNVD: CNVD-2020-22328 // BID: 107774 // JVNDB: JVNDB-2019-003275 // NVD: CVE-2019-1828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1828
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1828
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1828
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-22328
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201904-250
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2019-1828
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2020-22328
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2019-1828
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8
ykramarz@cisco.com:	CVE-2019-1828
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2020-22328 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250 // NVD: CVE-2019-1828 // NVD: CVE-2019-1828

PROBLEMTYPE DATA

problemtype:

CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2019-003275 // NVD: CVE-2019-1828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-250

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003275

PATCH

title:	cisco-sa-20190404-rv-weak-encrypt	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-weak-encrypt	Trust: 0.8
title:	Patch for Cisco Small Business RV320 and Cisco Small Business RV325 encryption problem vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/213481	Trust: 0.6
title:	Cisco Small Business RV320 and Cisco Small Business RV325 Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91104	Trust: 0.6

sources: CNVD: CNVD-2020-22328 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1828	Trust: 3.3
db:	BID	id:	107774	Trust: 1.9
db:	JVNDB	id:	JVNDB-2019-003275	Trust: 0.8
db:	CNVD	id:	CNVD-2020-22328	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.1160	Trust: 0.6
db:	CNNVD	id:	CNNVD-201904-250	Trust: 0.6

sources: CNVD: CNVD-2020-22328 // BID: 107774 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250 // NVD: CVE-2019-1828

REFERENCES

url:	http://www.securityfocus.com/bid/107774	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1828	Trust: 2.0
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190404-rv-weak-encrypt	Trust: 1.9
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1828	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190404-rv-xss	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/78506	Trust: 0.6

sources: CNVD: CNVD-2020-22328 // BID: 107774 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250 // NVD: CVE-2019-1828

CREDITS

GitHub user 0x27,David Davidson.

Trust: 0.6

sources: CNNVD: CNNVD-201904-250

SOURCES

db:	CNVD	id:	CNVD-2020-22328
db:	BID	id:	107774
db:	JVNDB	id:	JVNDB-2019-003275
db:	CNNVD	id:	CNNVD-201904-250
db:	NVD	id:	CVE-2019-1828

LAST UPDATE DATE

2024-08-14T14:56:56.243000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-22328	date:	2020-04-12T00:00:00
db:	BID	id:	107774	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-003275	date:	2019-05-14T00:00:00
db:	CNNVD	id:	CNNVD-201904-250	date:	2019-04-19T00:00:00
db:	NVD	id:	CVE-2019-1828	date:	2019-10-09T23:48:16.300

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-22328	date:	2020-04-12T00:00:00
db:	BID	id:	107774	date:	2019-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-003275	date:	2019-05-14T00:00:00
db:	CNNVD	id:	CNNVD-201904-250	date:	2019-04-04T00:00:00
db:	NVD	id:	CVE-2019-1828	date:	2019-04-04T16:29:03.383