Details of VAR-201906-0690

ID

VAR-201906-0690

CVE

CVE-2019-1899

TITLE

plural Cisco Vulnerabilities related to authorization in routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-005708

DESCRIPTION

A vulnerability in the web interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to acquire the list of devices that are connected to the guest network. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web interface of the router. The Cisco RV110W and so on are all VPN firewall routers from Cisco. An attacker can exploit this issue to obtain sensitive information. This may lead to other attacks. This issue is being tracked by the Cisco Bug IDs CSCvo65058, CSCvo65061 and CSCvo65062

Trust: 2.52

sources: NVD: CVE-2019-1899 // JVNDB: JVNDB-2019-005708 // CNVD: CNVD-2019-25712 // BID: 108867 // VULHUB: VHN-151391

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-25712

AFFECTED PRODUCTS

vendor:	cisco	model:	rv130w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv130w wireless-n multifunction vpn routerr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv110w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2019-25712 // BID: 108867 // JVNDB: JVNDB-2019-005708 // NVD: CVE-2019-1899

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-1899
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2019-1899
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-1899
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-25712
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201906-801
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-151391
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-1899
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-25712
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-151391
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ykramarz@cisco.com:	CVE-2019-1899
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-1899
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2019-25712 // VULHUB: VHN-151391 // JVNDB: JVNDB-2019-005708 // CNNVD: CNNVD-201906-801 // NVD: CVE-2019-1899 // NVD: CVE-2019-1899

PROBLEMTYPE DATA

problemtype:	CWE-285	Trust: 1.9
problemtype:	CWE-425	Trust: 1.1

sources: VULHUB: VHN-151391 // JVNDB: JVNDB-2019-005708 // NVD: CVE-2019-1899

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-801

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201906-801

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-005708

PATCH

title:	cisco-sa-20190619-rv-infodis	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-infodis	Trust: 0.8
title:	Patch for Cisco RV110W, RV130W, and RV215W Licensing Issue Vulnerabilities (CNVD-2019-25712)	url:	https://www.cnvd.org.cn/patchInfo/show/172971	Trust: 0.6
title:	Cisco RV110W , RV130W and RV215W Routers Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=93951	Trust: 0.6

sources: CNVD: CNVD-2019-25712 // JVNDB: JVNDB-2019-005708 // CNNVD: CNNVD-201906-801

EXTERNAL IDS

db:	NVD	id:	CVE-2019-1899	Trust: 3.4
db:	BID	id:	108867	Trust: 2.6
db:	TENABLE	id:	TRA-2019-29	Trust: 1.7
db:	AUSCERT	id:	ESB-2019.2190	Trust: 1.2
db:	JVNDB	id:	JVNDB-2019-005708	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-801	Trust: 0.7
db:	CNVD	id:	CNVD-2019-25712	Trust: 0.6
db:	VULHUB	id:	VHN-151391	Trust: 0.1

sources: CNVD: CNVD-2019-25712 // VULHUB: VHN-151391 // BID: 108867 // JVNDB: JVNDB-2019-005708 // CNNVD: CNNVD-201906-801 // NVD: CVE-2019-1899

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-infodis	Trust: 3.2
url:	http://www.securityfocus.com/bid/108867	Trust: 2.9
url:	https://www.tenable.com/security/research/tra-2019-29	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-1899	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2019.2190/	Trust: 1.2
url:	http://www.cisco.com/	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1899	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rvrouters-dos	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190619-rv-fileaccess	Trust: 0.6

sources: CNVD: CNVD-2019-25712 // VULHUB: VHN-151391 // BID: 108867 // JVNDB: JVNDB-2019-005708 // CNNVD: CNNVD-201906-801 // NVD: CVE-2019-1899

CREDITS

Jacob Baines of Tenable, Inc. .

Trust: 0.6

sources: CNNVD: CNNVD-201906-801

SOURCES

db:	CNVD	id:	CNVD-2019-25712
db:	VULHUB	id:	VHN-151391
db:	BID	id:	108867
db:	JVNDB	id:	JVNDB-2019-005708
db:	CNNVD	id:	CNNVD-201906-801
db:	NVD	id:	CVE-2019-1899

LAST UPDATE DATE

2024-11-23T22:06:10.271000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-25712	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-151391	date:	2020-10-16T00:00:00
db:	BID	id:	108867	date:	2019-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-005708	date:	2019-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201906-801	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-1899	date:	2024-11-21T04:37:38.757

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-25712	date:	2019-08-02T00:00:00
db:	VULHUB	id:	VHN-151391	date:	2019-06-20T00:00:00
db:	BID	id:	108867	date:	2019-06-19T00:00:00
db:	JVNDB	id:	JVNDB-2019-005708	date:	2019-06-26T00:00:00
db:	CNNVD	id:	CNNVD-201906-801	date:	2019-06-20T00:00:00
db:	NVD	id:	CVE-2019-1899	date:	2019-06-20T03:15:12.480