ID

VAR-202009-1552


CVE

CVE-2019-15957


TITLE

Input validation vulnerability in multiple Cisco Small Business RV Series routers

Trust: 0.8

sources: JVNDB: JVNDB-2019-016045

DESCRIPTION

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user. Multiple Cisco Small Business RV Series routers contain an input validation vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2019-15957 // JVNDB: JVNDB-2019-016045

AFFECTED PRODUCTS

vendor: cisco, model: rv325, scope: lt, version: 1.5.1.05

Trust: 1.0

vendor: cisco, model: rv042g dual gigabit wan vpn, scope: lt, version: 4.2.3.10

Trust: 1.0

vendor: cisco, model: rv320, scope: lt, version: 1.5.1.05

Trust: 1.0

vendor: cisco, model: rv016 multi-wan vpn, scope: lt, version: 4.2.3.10

Trust: 1.0

vendor: cisco, model: rv082 dual wan vpn router, scope: lt, version: 4.2.3.10

Trust: 1.0

vendor: cisco, model: rv042 dual wan vpn, scope: lt, version: 4.2.3.10

Trust: 1.0

vendor: Cisco Systems, model: rv016 multi-wan vpn, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv042g dual gigabit wan vpn, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv042 dual wan vpn, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: rv082 dual wan vpn, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco rv320 dual gigabit wan vpn router, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco rv325 dual gigabit wan vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-016045 // NVD: CVE-2019-15957

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15957
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15957
value: HIGH

Trust: 1.0

NVD: CVE-2019-15957
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201911-370
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2019-15957
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ykramarz@cisco.com: CVE-2019-15957
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15957
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2019-016045 // CNNVD: CNNVD-201911-370 // NVD: CVE-2019-15957 // NVD: CVE-2019-15957

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016045 // NVD: CVE-2019-15957

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-370

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-370

PATCH

title: cisco-sa-20191106-sbr-cominj
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbr-cominj

Trust: 0.8

title: Multiple Cisco Product input verification error vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102391

Trust: 0.6

sources: JVNDB: JVNDB-2019-016045 // CNNVD: CNNVD-201911-370

EXTERNAL IDS

db: NVD, id: CVE-2019-15957

Trust: 2.4

db: JVNDB, id: JVNDB-2019-016045

Trust: 0.8

db: AUSCERT, id: ESB-2019.4185

Trust: 0.6

db: CNNVD, id: CNNVD-201911-370

Trust: 0.6

sources: JVNDB: JVNDB-2019-016045 // CNNVD: CNNVD-201911-370 // NVD: CVE-2019-15957

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-sbr-cominj

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15957

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-rv32x

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4185/

Trust: 0.6

sources: JVNDB: JVNDB-2019-016045 // CNNVD: CNNVD-201911-370 // NVD: CVE-2019-15957

SOURCES

db: JVNDB, id: JVNDB-2019-016045
db: CNNVD, id: CNNVD-201911-370
db: NVD, id: CVE-2019-15957

LAST UPDATE DATE

2024-08-14T15:01:42.127000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2019-016045, date: 2021-04-19T07:59:00
db: CNNVD, id: CNNVD-201911-370, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2019-15957, date: 2021-10-29T16:56:29.757

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2019-016045, date: 2021-04-19T00:00:00
db: CNNVD, id: CNNVD-201911-370, date: 2019-11-06T00:00:00
db: NVD, id: CVE-2019-15957, date: 2020-09-23T01:15:12.787