CVE-2019-1652 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2019-1652?

CVE-2019-1652 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-1652?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv320 Firmware, Cisco Rv320, Cisco Rv325 Firmware, Cisco Rv325.

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Rv320 Firmware	>= 1.4.2.15, < 1.4.2.22
Cisco	Rv320	-
Cisco	Rv325 Firmware	>= 1.4.2.15, < 1.4.2.22
Cisco	Rv325	-

Related Weaknesses (CWE)

CWE-20 CWE-78

References

http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.htmlExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-ReThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2019/Mar/61ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106728Third Party AdvisoryVDB Entry
https://seclists.org/bugtraq/2019/Mar/55ExploitMailing ListThird Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://www.exploit-db.com/exploits/46243/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/46655/ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/152262/Cisco-RV320-Command-Injection.htmlExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-ReThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2019/Mar/61ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106728Third Party AdvisoryVDB Entry
https://seclists.org/bugtraq/2019/Mar/55ExploitMailing ListThird Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://www.exploit-db.com/exploits/46243/ExploitThird Party AdvisoryVDB Entry

FAQ

What is CVE-2019-1652?

CVE-2019-1652 is a vulnerability with a CVSS score of 7.2 (HIGH). A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges ...

How severe is CVE-2019-1652?

CVE-2019-1652 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1652?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv320 Firmware, Cisco Rv320, Cisco Rv325 Firmware, Cisco Rv325.