Details of VAR-201906-0689

ID

VAR-201906-0689

CVE

CVE-2019-1898

TITLE

plural Cisco Vulnerabilities related to authorization in routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-005707

DESCRIPTION

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file. The Cisco\302\256 RV110W and so on are all VPN firewall routers from Cisco. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions

Trust: 2.61

sources: NVD: CVE-2019-1898 // JVNDB: JVNDB-2019-005707 // CNVD: CNVD-2019-18901 // BID: 108865 // VULHUB: VHN-151380 // VULMON: CVE-2019-1898

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-18901

AFFECTED PRODUCTS

vendor:	cisco	model:	rv130w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv130w wireless-n multifunction vpn routerr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv110w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2019-18901 // BID: 108865 // JVNDB: JVNDB-2019-005707 // NVD: CVE-2019-1898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1898
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1898
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1898
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-18901
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-796
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-151380
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-1898
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1898
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-18901
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-151380
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1898
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1898
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-18901 // VULHUB: VHN-151380 // VULMON: CVE-2019-1898 // JVNDB: JVNDB-2019-005707 // CNNVD: CNNVD-201906-796 // NVD: CVE-2019-1898 // NVD: CVE-2019-1898

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.9
problemtype:	CWE-425	Trust: 1.1

sources: VULHUB: VHN-151380 // JVNDB: JVNDB-2019-005707 // NVD: CVE-2019-1898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-796

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-796

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005707

PATCH

title:	cisco-sa-20190619-rv-fileaccess	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess	Trust: 0.8
title:	Patch for CiscoRV110W, RV130W, and RV215W Authorization Issue Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/164675	Trust: 0.6
title:	Cisco RV110W , RV130W and RV215W Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93946	Trust: 0.6
title:	Cisco: Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190619-rv-fileaccess	Trust: 0.1

sources: CNVD: CNVD-2019-18901 // VULMON: CVE-2019-1898 // JVNDB: JVNDB-2019-005707 // CNNVD: CNNVD-201906-796

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1898	Trust: 3.5
db:	BID	id:	108865	Trust: 2.1
db:	TENABLE	id:	TRA-2019-29	Trust: 1.8
db:	AUSCERT	id:	ESB-2019.2190	Trust: 1.2
db:	JVNDB	id:	JVNDB-2019-005707	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-796	Trust: 0.7
db:	CNVD	id:	CNVD-2019-18901	Trust: 0.6
db:	VULHUB	id:	VHN-151380	Trust: 0.1
db:	VULMON	id:	CVE-2019-1898	Trust: 0.1

sources: CNVD: CNVD-2019-18901 // VULHUB: VHN-151380 // VULMON: CVE-2019-1898 // BID: 108865 // JVNDB: JVNDB-2019-005707 // CNNVD: CNNVD-201906-796 // NVD: CVE-2019-1898

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess	Trust: 2.8
url:	http://www.securityfocus.com/bid/108865	Trust: 2.5
url:	https://www.tenable.com/security/research/tra-2019-29	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1898	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2019.2190/	Trust: 1.2
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1898	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/425.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2019-18901 // VULHUB: VHN-151380 // VULMON: CVE-2019-1898 // BID: 108865 // JVNDB: JVNDB-2019-005707 // CNNVD: CNNVD-201906-796 // NVD: CVE-2019-1898

CREDITS

Jacob Baines of Tenable, Inc. .

Trust: 0.6

sources: CNNVD: CNNVD-201906-796

SOURCES

db:	CNVD	id:	CNVD-2019-18901
db:	VULHUB	id:	VHN-151380
db:	VULMON	id:	CVE-2019-1898
db:	BID	id:	108865
db:	JVNDB	id:	JVNDB-2019-005707
db:	CNNVD	id:	CNNVD-201906-796
db:	NVD	id:	CVE-2019-1898

LAST UPDATE DATE

2024-11-23T22:06:10.379000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-18901	date:	2019-06-24T00:00:00
db:	VULHUB	id:	VHN-151380	date:	2020-10-16T00:00:00
db:	VULMON	id:	CVE-2019-1898	date:	2020-10-16T00:00:00
db:	BID	id:	108865	date:	2019-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-005707	date:	2019-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201906-796	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-1898	date:	2024-11-21T04:37:38.620

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-18901	date:	2019-06-24T00:00:00
db:	VULHUB	id:	VHN-151380	date:	2019-06-20T00:00:00
db:	VULMON	id:	CVE-2019-1898	date:	2019-06-20T00:00:00
db:	BID	id:	108865	date:	2019-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-005707	date:	2019-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201906-796	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2019-1898	date:	2019-06-20T03:15:12.433