Sign-up

ID

VAR-201906-0688


CVE

CVE-2019-1897


TITLE

plural Cisco Vulnerabilities related to authorization in routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-005706

DESCRIPTION

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to disconnect clients that are connected to the guest network on an affected router. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for device disconnection and providing the connected device information. A successful exploit could allow the attacker to deny service to specific clients that are connected to the guest network. Cisco RV110W , RV130W , RV215W There is an authorization vulnerability in the router.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco\302\256 RV110W and so on are all VPN firewall routers from Cisco. The vulnerability stems from a program failing to properly authorize an HTTP request, which can be exploited by a remote attacker to cause a denial of service. An attacker can leverage this issue to cause denial of service condition. This issue is being tracked by Cisco Bug IDs CSCvo65045, CSCvo65048, CSCvo65050

Trust: 2.52

sources: NVD: CVE-2019-1897 // JVNDB: JVNDB-2019-005706 // CNVD: CNVD-2019-18900 // BID: 108848 // VULHUB: VHN-151369

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-18900

AFFECTED PRODUCTS

vendor:ciscomodel:rv130wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv215wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv110wscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerrscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv215w wireless-n vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv110wscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv130wscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv215wscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope:eqversion:0

Trust: 0.3

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2019-18900 // BID: 108848 // JVNDB: JVNDB-2019-005706 // NVD: CVE-2019-1897

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1897
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1897
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1897
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-18900
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-794
value: MEDIUM

Trust: 0.6

VULHUB: VHN-151369
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1897
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-18900
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-151369
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2019-1897
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-1897
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2019-18900 // VULHUB: VHN-151369 // JVNDB: JVNDB-2019-005706 // CNNVD: CNNVD-201906-794 // NVD: CVE-2019-1897 // NVD: CVE-2019-1897

PROBLEMTYPE DATA

problemtype:CWE-285

Trust: 1.9

problemtype:CWE-306

Trust: 1.1

sources: VULHUB: VHN-151369 // JVNDB: JVNDB-2019-005706 // NVD: CVE-2019-1897

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-794

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201906-794

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005706

PATCH
title:cisco-sa-20190619-rv-dosurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-dos
Trust: 0.8
title:Patch for Cisco RV110W, RV130W, and RV215W Licensing Issue Vulnerabilities (CNVD-2019-18900)url:https://www.cnvd.org.cn/patchInfo/show/164677
Trust: 0.6
title:Cisco RV110W , RV130W  and RV215W Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93944
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-18900 // 
            
            
            
            JVNDB: JVNDB-2019-005706 // 
            
            
            
            CNNVD: CNNVD-201906-794

EXTERNAL IDS
db:NVDid:CVE-2019-1897
Trust: 3.4
db:BIDid:108848
Trust: 2.0
db:TENABLEid:TRA-2019-29
Trust: 1.7
db:AUSCERTid:ESB-2019.2190
Trust: 1.2
db:JVNDBid:JVNDB-2019-005706
Trust: 0.8
db:CNNVDid:CNNVD-201906-794
Trust: 0.7
db:CNVDid:CNVD-2019-18900
Trust: 0.6
db:VULHUBid:VHN-151369
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-18900 // 
            
            
            
            VULHUB: VHN-151369 // 
            
            
            
            BID: 108848 // 
            
            
            
            JVNDB: JVNDB-2019-005706 // 
            
            
            
            CNNVD: CNNVD-201906-794 // 
            
            
            
            NVD: CVE-2019-1897

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos
Trust: 2.6
url:http://www.securityfocus.com/bid/108848
Trust: 2.3
url:https://www.tenable.com/security/research/tra-2019-29
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2019-1897
Trust: 1.4
url:https://www.auscert.org.au/bulletins/esb-2019.2190/
Trust: 1.2
url:http://www.cisco.com/
Trust: 0.9
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1897
Trust: 0.8
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos
Trust: 0.6
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-18900 // 
            
            
            
            VULHUB: VHN-151369 // 
            
            
            
            BID: 108848 // 
            
            
            
            JVNDB: JVNDB-2019-005706 // 
            
            
            
            CNNVD: CNNVD-201906-794 // 
            
            
            
            NVD: CVE-2019-1897

CREDITS
Jacob Baines of Tenable, Inc. .
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201906-794

SOURCES
db:CNVDid:CNVD-2019-18900
db:VULHUBid:VHN-151369
db:BIDid:108848
db:JVNDBid:JVNDB-2019-005706
db:CNNVDid:CNNVD-201906-794
db:NVDid:CVE-2019-1897

LAST UPDATE DATE
2024-11-23T22:06:10.343000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-18900date:2019-06-24T00:00:00
db:VULHUBid:VHN-151369date:2020-10-16T00:00:00
db:BIDid:108848date:2019-06-19T00:00:00
db:JVNDBid:JVNDB-2019-005706date:2019-06-26T00:00:00
db:CNNVDid:CNNVD-201906-794date:2020-10-21T00:00:00
db:NVDid:CVE-2019-1897date:2024-11-21T04:37:38.470

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-18900date:2019-06-24T00:00:00
db:VULHUBid:VHN-151369date:2019-06-20T00:00:00
db:BIDid:108848date:2019-06-19T00:00:00
db:JVNDBid:JVNDB-2019-005706date:2019-06-26T00:00:00
db:CNNVDid:CNNVD-201906-794date:2019-06-20T00:00:00
db:NVDid:CVE-2019-1897date:2019-06-20T03:15:12.353