ID

VAR-202108-0327


CVE

CVE-2021-1602


TITLE

Remote command execution vulnerability in Cisco Small Business RV160 and RV260 series VPN routers

Trust: 0.6

sources: CNVD: CNVD-2021-59764

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Due to the nature of the vulnerability, only commands without parameters can be executed. Cisco Small Business RV160 and RV260 are routers. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements.

Trust: 2.07

sources: NVD: CVE-2021-1602 // CNVD: CNVD-2021-59764 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1602

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-59764

AFFECTED PRODUCTS

vendor: cisco, model: small business rv series router, scope: lt, version: 1.0.01.04

Trust: 1.0

vendor: cisco, model: rv160 vpn routers, scope: lt, version: 1.0.01.04

Trust: 0.6

vendor: cisco, model: rv160w wireless-ac vpn routers, scope: lt, version: 1.0.01.04

Trust: 0.6

vendor: cisco, model: rv260 vpn routers, scope: lt, version: 1.0.01.04

Trust: 0.6

vendor: cisco, model: rv260p vpn router with poe, scope: lt, version: 1.0.01.04

Trust: 0.6

vendor: cisco, model: rv260w wireless-ac vpn routers, scope: lt, version: 1.0.01.04

Trust: 0.6

sources: CNVD: CNVD-2021-59764 // NVD: CVE-2021-1602

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-1602
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1602
value: HIGH

Trust: 1.0

CNVD: CNVD-2021-59764
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-378
value: CRITICAL

Trust: 0.6

VULMON: CVE-2021-1602
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-1602
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-59764
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2021-1602
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1602
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-378 // NVD: CVE-2021-1602 // NVD: CVE-2021-1602

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: CWE-78

Trust: 1.0

sources: NVD: CVE-2021-1602

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-378

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Patch for Remote command execution vulnerability in Cisco Small Business RV160 and RV260 series VPN routers, url: https://www.cnvd.org.cn/patchInfo/show/288786

Trust: 0.6

title: Cisco Small Business Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159678

Trust: 0.6

title: Cisco: Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-code-execution-9UVJr7k4

Trust: 0.1

title: Threatpost, url: https://threatpost.com/critical-cisco-bug-vpn-routers/168449/

Trust: 0.1

title: BleepingComputer, url: https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/

Trust: 0.1

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202108-378

EXTERNAL IDS

db: NVD, id: CVE-2021-1602

Trust: 2.3

db: CNVD, id: CNVD-2021-59764

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2627

Trust: 0.6

db: CS-HELP, id: SB2021080514

Trust: 0.6

db: CNNVD, id: CNNVD-202108-378

Trust: 0.6

db: VULMON, id: CVE-2021-1602

Trust: 0.1

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-378 // NVD: CVE-2021-1602

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-code-execution-9uvjr7k4

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2021-1602

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021080514

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2021.2627

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://threatpost.com/critical-cisco-bug-vpn-routers/168449/

Trust: 0.1

sources: CNVD: CNVD-2021-59764 // VULMON: CVE-2021-1602 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-378 // NVD: CVE-2021-1602

SOURCES

db: CNVD, id: CNVD-2021-59764
db: VULMON, id: CVE-2021-1602
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-378
db: NVD, id: CVE-2021-1602

LAST UPDATE DATE

2024-08-14T13:06:31.785000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-59764, date: 2021-09-01T00:00:00
db: VULMON, id: CVE-2021-1602, date: 2021-08-11T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-378, date: 2021-08-12T00:00:00
db: NVD, id: CVE-2021-1602, date: 2023-11-07T03:28:45.460

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-59764, date: 2021-08-09T00:00:00
db: VULMON, id: CVE-2021-1602, date: 2021-08-04T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-378, date: 2021-08-04T00:00:00
db: NVD, id: CVE-2021-1602, date: 2021-08-04T18:15:08.787