ID

VAR-202102-0568


CVE

CVE-2021-1297


TITLE

plural  Cisco Small Business RV  Absolute Path Traversal Vulnerability in Routers

Trust: 0.8

sources: JVNDB: JVNDB-2021-003101

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device. plural Cisco Small Business RV A router contains a vulnerability related to absolute path traversal.Information may be tampered with. This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV16x and RV26x routers. Authentication is not required to exploit this vulnerability.The specific flaw exists within the web service, which listens on TCP port 443 by default. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create files in the context of root

Trust: 2.34

sources: NVD: CVE-2021-1297 // JVNDB: JVNDB-2021-003101 // ZDI: ZDI-21-135 // VULMON: CVE-2021-1297

AFFECTED PRODUCTS

vendor:ciscomodel:rv260 vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv260w wireless-ac vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv260p vpn router with poescope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv160 vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:ciscomodel:rv160w wireless-ac vpn routerscope:ltversion:1.0.01.02

Trust: 1.0

vendor:シスコシステムズmodel:rv260w wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160w wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv160 vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260p vpn router with poescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv260 vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:multiple routersscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-135 // JVNDB: JVNDB-2021-003101 // NVD: CVE-2021-1297

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-1297
value: HIGH

Trust: 1.8

ZDI: CVE-2021-1297
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202102-330
value: HIGH

Trust: 0.6

NVD: CVE-2021-1297
severity: HIGH
baseScore: 9.4
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2021-1297
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-1297
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-1297
baseSeverity: HIGH
baseScore: 8.8
vectorString: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-135 // JVNDB: JVNDB-2021-003101 // CNNVD: CNNVD-202102-330 // NVD: CVE-2021-1297

PROBLEMTYPE DATA

problemtype:CWE-36

Trust: 1.0

problemtype:Absolute past traversal (CWE-36) [ Other ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003101 // NVD: CVE-2021-1297

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-330

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202102-330

CONFIGURATIONS

sources: NVD: CVE-2021-1297

PATCH

title:Cisco has issued an update to correct this vulnerability.url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv160-260-filewrite-7x9mnkjn

Trust: 1.5

title:Multiple Cisco Product Authorization Issue Vulnerability Fixing Measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140552

Trust: 0.6

title:Cisco: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Arbitrary File Write Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv160-260-filewrite-7x9mnkjn

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/

Trust: 0.1

title: - url:https://www.theregister.co.uk/2021/02/05/cisco_critical_rv_vpn_router_bugs/

Trust: 0.1

sources: ZDI: ZDI-21-135 // VULMON: CVE-2021-1297 // JVNDB: JVNDB-2021-003101 // CNNVD: CNNVD-202102-330

EXTERNAL IDS

db:NVDid:CVE-2021-1297

Trust: 3.2

db:JVNDBid:JVNDB-2021-003101

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-11716

Trust: 0.7

db:ZDIid:ZDI-21-135

Trust: 0.7

db:CNNVDid:CNNVD-202102-330

Trust: 0.6

db:VULMONid:CVE-2021-1297

Trust: 0.1

sources: ZDI: ZDI-21-135 // VULMON: CVE-2021-1297 // JVNDB: JVNDB-2021-003101 // CNNVD: CNNVD-202102-330 // NVD: CVE-2021-1297

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv160-260-filewrite-7x9mnkjn

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1297

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/36.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/196124

Trust: 0.1

url:https://threatpost.com/cisco-flaws-vpn-routers-rce/163662/

Trust: 0.1

sources: ZDI: ZDI-21-135 // VULMON: CVE-2021-1297 // JVNDB: JVNDB-2021-003101 // CNNVD: CNNVD-202102-330 // NVD: CVE-2021-1297

CREDITS

T Shiomitsu

Trust: 0.7

sources: ZDI: ZDI-21-135

SOURCES

db:ZDIid:ZDI-21-135
db:VULMONid:CVE-2021-1297
db:JVNDBid:JVNDB-2021-003101
db:CNNVDid:CNNVD-202102-330
db:NVDid:CVE-2021-1297

LAST UPDATE DATE

2022-05-04T09:55:20.075000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-135date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-1297date:2021-02-08T00:00:00
db:JVNDBid:JVNDB-2021-003101date:2021-10-18T08:03:00
db:CNNVDid:CNNVD-202102-330date:2021-02-09T00:00:00
db:NVDid:CVE-2021-1297date:2021-02-08T16:14:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-135date:2021-02-04T00:00:00
db:VULMONid:CVE-2021-1297date:2021-02-04T00:00:00
db:JVNDBid:JVNDB-2021-003101date:2021-10-18T00:00:00
db:CNNVDid:CNNVD-202102-330date:2021-02-03T00:00:00
db:NVDid:CVE-2021-1297date:2021-02-04T17:15:00