CVE-2021-1297 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2021-1297?

CVE-2021-1297 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-1297?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv160W Wireless-Ac Vpn Router Firmware, Cisco Rv160W Wireless-Ac Vpn Router, Cisco Rv260 Vpn Router Firmware, Cisco Rv260 Vpn Router, Cisco Rv260P Vpn Router With Poe Firmware.

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by using the web-based management interface to upload a file to location on an affected device that they should not have access to. A successful exploit could allow the attacker to overwrite files on the file system of the affected device.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Rv160W Wireless-Ac Vpn Router Firmware	< 1.0.01.02
Cisco	Rv160W Wireless-Ac Vpn Router	-
Cisco	Rv260 Vpn Router Firmware	< 1.0.01.02
Cisco	Rv260 Vpn Router	-
Cisco	Rv260P Vpn Router With Poe Firmware	< 1.0.01.02
Cisco	Rv260P Vpn Router With Poe	-
Cisco	Rv260W Wireless-Ac Vpn Router Firmware	< 1.0.01.02
Cisco	Rv260W Wireless-Ac Vpn Router	-
Cisco	Rv160 Vpn Router Firmware	< 1.0.01.02
Cisco	Rv160 Vpn Router	-

Related Weaknesses (CWE)

CWE-22 CWE-36

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rVendor Advisory

FAQ

What is CVE-2021-1297?

CVE-2021-1297 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to conduct d...

How severe is CVE-2021-1297?

CVE-2021-1297 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-1297?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Rv160W Wireless-Ac Vpn Router Firmware, Cisco Rv160W Wireless-Ac Vpn Router, Cisco Rv260 Vpn Router Firmware, Cisco Rv260 Vpn Router, Cisco Rv260P Vpn Router With Poe Firmware.