CVE-2019-15957 — Improper Input Validation in Cisco Rv016 Multi-wan VPN Firmware

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.2HIGHNVD

EPSS

1.1%

top 21.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv016 Multi-wan VPN Firmware Cisco Rv042 Dual WAN VPN Cisco Rv042g Dual Gigabit WAN VPN Firmware +4 more

Timeline

PublishedSep 23

Latest updateMay 24

Description

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-bas…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

▶NVDcisco/rv320_firmware< 1.5.1.05

▶NVDcisco/rv325_firmware< 1.5.1.05

▶NVDcisco/rv042_dual_wan_vpn< 4.2.3.10

▶NVDcisco/rv016_multi-wan_vpn_firmware< 4.2.3.10

🔴Vulnerability Details

GHSA

GHSA-9rmc-v2wh-vw8c: A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker↗2022-05-24

▶

CVEList

Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability↗2020-09-23

▶

📋Vendor Advisories

Cisco

Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability↗2019-11-06

▶