CVE-2019-1653 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Rv320 Firmware	1.4.2.15
Cisco	Rv320	-
Cisco	Rv325 Firmware	1.4.2.15
Cisco	Rv325	-

Related Weaknesses (CWE)

CWE-284

References

http://packetstormsecurity.com/files/152260/Cisco-RV320-Unauthenticated-ConfigurExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/152261/Cisco-RV320-Unauthenticated-DiagnostExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/152305/Cisco-RV320-RV325-Unauthenticated-ReThird Party AdvisoryVDB Entry
http://seclists.org/fulldisclosure/2019/Mar/59ExploitMailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2019/Mar/60ExploitMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106732Third Party AdvisoryVDB Entry
https://badpackets.net/over-9000-cisco-rv320-rv325-routers-vulnerable-to-cve-201Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/53Mailing ListThird Party Advisory
https://seclists.org/bugtraq/2019/Mar/54Mailing ListThird Party Advisory
https://threatpost.com/scans-cisco-routers-code-execution/141218/Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2Vendor Advisory
https://www.exploit-db.com/exploits/46262/ExploitThird Party AdvisoryVDB Entry
https://www.exploit-db.com/exploits/46655/Third Party AdvisoryVDB Entry
https://www.youtube.com/watch?v=bx0RQJDlGbYThird Party Advisory
https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-uThird Party Advisory

FAQ

What is CVE-2019-1653?

CVE-2019-1653 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive informa...

How severe is CVE-2019-1653?

CVE-2019-1653 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1653?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv320 Firmware, Cisco Rv320, Cisco Rv325 Firmware, Cisco Rv325.