ID

VAR-202102-0566


CVE

CVE-2021-1295


TITLE

External control of assumed-immutable web parameter vulnerability in multiple Cisco Small Business RV routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-003100

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Multiple Cisco Small Business RV routers contain a vulnerability related to external control of an assumed-immutable web parameter. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2021-1295 // JVNDB: JVNDB-2021-003100 // VULMON: CVE-2021-1295

AFFECTED PRODUCTS

vendor: cisco, model: rv260 vpn router, scope: lt, version: 1.0.01.02

Trust: 1.0

vendor: cisco, model: rv260w wireless-ac vpn router, scope: lt, version: 1.0.01.02

Trust: 1.0

vendor: cisco, model: rv260p vpn router with poe, scope: lt, version: 1.0.01.02

Trust: 1.0

vendor: cisco, model: rv160 vpn router, scope: lt, version: 1.0.01.02

Trust: 1.0

vendor: cisco, model: rv160w wireless-ac vpn router, scope: lt, version: 1.0.01.02

Trust: 1.0

vendor: シスコシステムズ, model: rv260w wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: rv160w wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: rv160 vpn router, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: rv260p vpn router with poe, scope: -, version: -

Trust: 0.8

vendor: シスコシステムズ, model: rv260 vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003100 // NVD: CVE-2021-1295

CVSS

SEVERITY

NVD: CVE-2021-1295
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-202102-340
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-1295
value: HIGH

Trust: 0.1

CVSSV2

VULMON: CVE-2021-1295
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

NVD: CVE-2021-1295
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1295
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2021-1295 // JVNDB: JVNDB-2021-003100 // CNNVD: CNNVD-202102-340 // NVD: CVE-2021-1295

PROBLEMTYPE DATA

problemtype: CWE-472

Trust: 1.0

problemtype: External Control of Assumed-Immutable Web Parameter (CWE-472) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003100 // NVD: CVE-2021-1295

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-340

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-340

CONFIGURATIONS

sources: NVD: CVE-2021-1295

PATCH

title: cisco-sa-rv160-260-rce-XZeFkNHf, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv160-260-rce-xzefknhf

Trust: 0.8

title: Cisco Small Business Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140562

Trust: 0.6

title: Cisco: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv160-260-rce-xzefknhf

Trust: 0.1

title: Threatpost, url: https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/

Trust: 0.1

title: -, url: https://www.theregister.co.uk/2021/02/05/cisco_critical_rv_vpn_router_bugs/

Trust: 0.1

sources: VULMON: CVE-2021-1295 // JVNDB: JVNDB-2021-003100 // CNNVD: CNNVD-202102-340

EXTERNAL IDS

db: NVD, id: CVE-2021-1295

Trust: 2.5

db: JVNDB, id: JVNDB-2021-003100

Trust: 0.8

db: CNNVD, id: CNNVD-202102-340

Trust: 0.6

db: VULMON, id: CVE-2021-1295

Trust: 0.1

sources: VULMON: CVE-2021-1295 // JVNDB: JVNDB-2021-003100 // CNNVD: CNNVD-202102-340 // NVD: CVE-2021-1295

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv160-260-rce-xzefknhf

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-1295

Trust: 1.4

url: https://cwe.mitre.org/data/definitions/472.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/

Trust: 0.1

sources: VULMON: CVE-2021-1295 // JVNDB: JVNDB-2021-003100 // CNNVD: CNNVD-202102-340 // NVD: CVE-2021-1295

SOURCES

db: VULMON, id: CVE-2021-1295
db: JVNDB, id: JVNDB-2021-003100
db: CNNVD, id: CNNVD-202102-340
db: NVD, id: CVE-2021-1295

LAST UPDATE DATE

2022-05-04T10:14:51.509000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2021-1295, date: 2021-02-08T00:00:00
db: JVNDB, id: JVNDB-2021-003100, date: 2021-10-18T08:03:00
db: CNNVD, id: CNNVD-202102-340, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2021-1295, date: 2021-02-08T16:17:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2021-1295, date: 2021-02-04T00:00:00
db: JVNDB, id: JVNDB-2021-003100, date: 2021-10-18T00:00:00
db: CNNVD, id: CNNVD-202102-340, date: 2021-02-03T00:00:00
db: NVD, id: CVE-2021-1295, date: 2021-02-04T17:15:00