1. Home
  2. CVE Database
  3. CVE-2019-1724
HIGH · 8.8

CVE-2019-1724

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker...

Vulnerability Description

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoRv325 Dual Wan Gigabit Vpn Router Firmware1.3.1.12
CiscoRv325 Dual Wan Gigabit Vpn Router-
CiscoRv320 Dual Gigabit Wan Vpn Router Software1.3.1.12
CiscoRv320 Dual Gigabit Wan Vpn Router-

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2019-1724?

CVE-2019-1724 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker...

How severe is CVE-2019-1724?

CVE-2019-1724 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-1724?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv325 Dual Wan Gigabit Vpn Router Firmware, Cisco Rv325 Dual Wan Gigabit Vpn Router, Cisco Rv320 Dual Gigabit Wan Vpn Router Software, Cisco Rv320 Dual Gigabit Wan Vpn Router.