ID

VAR-201904-0414


CVE

CVE-2019-1828


TITLE

Vulnerability in the use of cryptographic algorithms in Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-003275

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to access administrative credentials. The vulnerability exists because affected devices use weak encryption algorithms for user credentials. An attacker could exploit this vulnerability by conducting a man-in-the-middle attack and decrypting intercepted credentials. A successful exploit could allow the attacker to gain access to an affected device with administrator privileges. This vulnerability affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running firmware releases prior to 1.4.2.22. Cisco Small Business RV320 and Cisco Small Business RV325 are both VPN routers from Cisco in the United States. Both have an encryption problem vulnerability. Attackers can use this vulnerability to obtain sensitive information. This may lead to other attacks. This issue is being tracked by Cisco Bug ID CSCvp09573.

Trust: 2.43

sources: NVD: CVE-2019-1828 // JVNDB: JVNDB-2019-003275 // CNVD: CNVD-2020-22328 // BID: 107774

IOT TAXONOMY

category: ['Network device'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-22328

AFFECTED PRODUCTS

vendor: cisco // model: rv325 // scope: lt // version: 1.4.2.22

Trust: 1.0

vendor: cisco // model: rv320 // scope: lt // version: 1.4.2.22

Trust: 1.0

vendor: cisco // model: rv320 dual gigabit wan vpn router // scope: lt // version: 1.4.2.22

Trust: 0.8

vendor: cisco // model: rv325 dual gigabit wan vpn router // scope: lt // version: 1.4.2.22

Trust: 0.8

vendor: cisco // model: small business rv320 // scope: eq // version: 1.4.2.22

Trust: 0.6

vendor: cisco // model: small business rv325 // scope: eq // version: 1.4.2.22

Trust: 0.6

vendor: cisco // model: small business rv series routers // scope: eq // version: 1.4.2.20

Trust: 0.3

vendor: cisco // model: small business rv series routers // scope: eq // version: 1.4.2.17

Trust: 0.3

vendor: cisco // model: small business rv series routers // scope: eq // version: 1.4.2.15

Trust: 0.3

vendor: cisco // model: small business rv series routers // scope: eq // version: 1.4.2.14

Trust: 0.3

vendor: cisco // model: small business rv series routers // scope: ne // version: 1.4.2.22

Trust: 0.3

sources: CNVD: CNVD-2020-22328 // BID: 107774 // JVNDB: JVNDB-2019-003275 // NVD: CVE-2019-1828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1828
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1828
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1828
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-22328
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201904-250
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-1828
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-22328
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-1828
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 5.9
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-1828
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2020-22328 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250 // NVD: CVE-2019-1828 // NVD: CVE-2019-1828

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.8

sources: JVNDB: JVNDB-2019-003275 // NVD: CVE-2019-1828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201904-250

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-250

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-003275

PATCH

title: cisco-sa-20190404-rv-weak-encrypt // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-weak-encrypt

Trust: 0.8

title: Patch for Cisco Small Business RV320 and Cisco Small Business RV325 encryption problem vulnerabilities // url: https://www.cnvd.org.cn/patchInfo/show/213481

Trust: 0.6

title: Cisco Small Business RV320 and Cisco Small Business RV325 Fixes for encryption problem vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91104

Trust: 0.6

sources: CNVD: CNVD-2020-22328 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250

EXTERNAL IDS

db: NVD // id: CVE-2019-1828

Trust: 3.3

db: BID // id: 107774

Trust: 1.9

db: JVNDB // id: JVNDB-2019-003275

Trust: 0.8

db: CNVD // id: CNVD-2020-22328

Trust: 0.6

db: AUSCERT // id: ESB-2019.1160

Trust: 0.6

db: CNNVD // id: CNNVD-201904-250

Trust: 0.6

sources: CNVD: CNVD-2020-22328 // BID: 107774 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250 // NVD: CVE-2019-1828

REFERENCES

url:http://www.securityfocus.com/bid/107774

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-1828

Trust: 2.0

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190404-rv-weak-encrypt

Trust: 1.9

url:http://www.cisco.com/

Trust: 0.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1828

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190404-rv-xss

Trust: 0.6

url:https://www.auscert.org.au/bulletins/78506

Trust: 0.6

sources: CNVD: CNVD-2020-22328 // BID: 107774 // JVNDB: JVNDB-2019-003275 // CNNVD: CNNVD-201904-250 // NVD: CVE-2019-1828

CREDITS

GitHub user 0x27, David Davidson.

Trust: 0.6

sources: CNNVD: CNNVD-201904-250

SOURCES

db: CNVD // id: CNVD-2020-22328
db: BID // id: 107774
db: JVNDB // id: JVNDB-2019-003275
db: CNNVD // id: CNNVD-201904-250
db: NVD // id: CVE-2019-1828

LAST UPDATE DATE

2024-08-14T14:56:56.243000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2020-22328 // date: 2020-04-12T00:00:00
db: BID // id: 107774 // date: 2019-04-04T00:00:00
db: JVNDB // id: JVNDB-2019-003275 // date: 2019-05-14T00:00:00
db: CNNVD // id: CNNVD-201904-250 // date: 2019-04-19T00:00:00
db: NVD // id: CVE-2019-1828 // date: 2019-10-09T23:48:16.300

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2020-22328 // date: 2020-04-12T00:00:00
db: BID // id: 107774 // date: 2019-04-04T00:00:00
db: JVNDB // id: JVNDB-2019-003275 // date: 2019-05-14T00:00:00
db: CNNVD // id: CNNVD-201904-250 // date: 2019-04-04T00:00:00
db: NVD // id: CVE-2019-1828 // date: 2019-04-04T16:29:03.383