ID

VAR-202102-0567


CVE

CVE-2021-1296


TITLE

plural  Cisco Small Business RV  Absolute Path Traversal Vulnerability in Routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-003095

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. plural Cisco Small Business RV A router contains a vulnerability related to absolute path traversal.Information may be tampered with. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the web service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root

Trust: 2.34

sources: NVD: CVE-2021-1296 // JVNDB: JVNDB-2021-003095 // ZDI: ZDI-21-134 // VULMON: CVE-2021-1296

AFFECTED PRODUCTS

vendor:ciscomodel:rv260 vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv260w wireless-ac vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv260p vpn router with poescope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv160 vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv160w wireless-ac vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:シスコシステムズmodel:rv260w wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160w wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160 vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260p vpn router with poescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260 vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:multiple routersscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-134 // JVNDB: JVNDB-2021-003095 // NVD: CVE-2021-1296

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-1296
value: HIGH

Trust: 1.8

ZDI: CVE-2021-1296
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202102-333
value: HIGH

Trust: 0.6

NVD: CVE-2021-1296
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2021-1296
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-1296
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-1296
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-134 // JVNDB: JVNDB-2021-003095 // CNNVD: CNNVD-202102-333 // NVD: CVE-2021-1296

PROBLEMTYPE DATA

problemtype:CWE-36

Trust: 1.0

problemtype:Absolute past traversal (CWE-36) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003095 // NVD: CVE-2021-1296

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-333

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202102-333

CONFIGURATIONS

sources: NVD: CVE-2021-1296

PATCH

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv160-260-filewrite-7x9mnkjn

Trust: 1.5

title:Multiple Cisco Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140555

Trust: 0.6

title:Cisco: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv160-260-filewrite-7x9mnkjn

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/02/05/cisco_critical_rv_vpn_router_bugs/

Trust: 0.1

sources: ZDI: ZDI-21-134 // VULMON: CVE-2021-1296 // JVNDB: JVNDB-2021-003095 // CNNVD: CNNVD-202102-333

EXTERNAL IDS

db:NVDid:CVE-2021-1296

Trust: 3.2

db:JVNDBid:JVNDB-2021-003095

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11693

Trust: 0.7

db:ZDIid:ZDI-21-134

Trust: 0.7

db:CNNVDid:CNNVD-202102-333

Trust: 0.6

db:VULMONid:CVE-2021-1296

Trust: 0.1

sources: ZDI: ZDI-21-134 // VULMON: CVE-2021-1296 // JVNDB: JVNDB-2021-003095 // CNNVD: CNNVD-202102-333 // NVD: CVE-2021-1296

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv160-260-filewrite-7x9mnkjn

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1296

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/36.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196122

Trust: 0.1

url:https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/

Trust: 0.1

sources: ZDI: ZDI-21-134 // VULMON: CVE-2021-1296 // JVNDB: JVNDB-2021-003095 // CNNVD: CNNVD-202102-333 // NVD: CVE-2021-1296

CREDITS

T Shiomitsu

Trust: 0.7

sources: ZDI: ZDI-21-134

SOURCES

db:ZDIid:ZDI-21-134
db:VULMONid:CVE-2021-1296
db:JVNDBid:JVNDB-2021-003095
db:CNNVDid:CNNVD-202102-333
db:NVDid:CVE-2021-1296

LAST UPDATE DATE

2022-05-04T08:52:16.830000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-134date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-1296date:2021-02-08T00:00:00
db:JVNDBid:JVNDB-2021-003095date:2021-10-18T08:03:00
db:CNNVDid:CNNVD-202102-333date:2021-02-09T00:00:00
db:NVDid:CVE-2021-1296date:2021-02-08T16:13:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-134date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-1296date:2021-02-04T00:00:00
db:JVNDBid:JVNDB-2021-003095date:2021-10-18T00:00:00
db:CNNVDid:CNNVD-202102-333date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1296date:2021-02-04T17:15:00