Details of VAR-202108-0327

ID

VAR-202108-0327

CVE

CVE-2021-1602

TITLE

Remote command execution vulnerability in Cisco Small Business RV160 and RV260 series VPN routers

Trust: 0.6

sources: CNVD: CNVD-2021-59764

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. Cisco Small Business RV160 and RV260 are routers. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-1602 // CNVD: CNVD-2021-59764 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1602

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-59764

AFFECTED PRODUCTS

vendor:	cisco	model:	small business rv series router	scope:	lt	version:	1.0.01.04	Trust: 1.0
vendor:	cisco	model:	rv160 vpn routers	scope:	lt	version:	1.0.01.04	Trust: 0.6
vendor:	cisco	model:	rv160w wireless-ac vpn routers	scope:	lt	version:	1.0.01.04	Trust: 0.6
vendor:	cisco	model:	rv260 vpn routers	scope:	lt	version:	1.0.01.04	Trust: 0.6
vendor:	cisco	model:	rv260p vpn router with poe	scope:	lt	version:	1.0.01.04	Trust: 0.6
vendor:	cisco	model:	rv260w wireless-ac vpn routers	scope:	lt	version:	1.0.01.04	Trust: 0.6

sources: CNVD: CNVD-2021-59764 // NVD: CVE-2021-1602

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1602
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1602
value:	HIGH
Trust: 1.0
CNVD:	CNVD-2021-59764
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202108-378
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-1602
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1602
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-59764
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-1602
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2021-1602
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-378 // NVD: CVE-2021-1602 // NVD: CVE-2021-1602

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-78	Trust: 1.0

sources: NVD: CVE-2021-1602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-378

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	Patch for Remote command execution vulnerability in Cisco Small Business RV160 and RV260 series VPN routers	url:	https://www.cnvd.org.cn/patchInfo/show/288786	Trust: 0.6
title:	Cisco Small Business Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159678	Trust: 0.6
title:	Cisco: Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-code-execution-9UVJr7k4	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/critical-cisco-bug-vpn-routers/168449/	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/	Trust: 0.1

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202108-378

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1602	Trust: 2.3
db:	CNVD	id:	CNVD-2021-59764	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2627	Trust: 0.6
db:	CS-HELP	id:	SB2021080514	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-378	Trust: 0.6
db:	VULMON	id:	CVE-2021-1602	Trust: 0.1

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-378 // NVD: CVE-2021-1602

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-code-execution-9uvjr7k4	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1602	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021080514	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2627	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/critical-cisco-bug-vpn-routers/168449/	Trust: 0.1

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-378 // NVD: CVE-2021-1602

SOURCES

db:	CNVD	id:	CNVD-2021-59764
db:	VULMON	id:	CVE-2021-1602
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202108-378
db:	NVD	id:	CVE-2021-1602

LAST UPDATE DATE

2024-08-14T13:06:31.785000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-59764	date:	2021-09-01T00:00:00
db:	VULMON	id:	CVE-2021-1602	date:	2021-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202108-378	date:	2021-08-12T00:00:00
db:	NVD	id:	CVE-2021-1602	date:	2023-11-07T03:28:45.460

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-59764	date:	2021-08-09T00:00:00
db:	VULMON	id:	CVE-2021-1602	date:	2021-08-04T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202108-378	date:	2021-08-04T00:00:00
db:	NVD	id:	CVE-2021-1602	date:	2021-08-04T18:15:08.787