CVE-2019-15990 — Improper Authorization in Cisco Small Business RV Series Router Firmware

CWE-285 — Improper Authorization4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 45.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Small Business RV Series Router Firmware Cisco Rv016 Multi-wan VPN Firmware Cisco Rv042 Dual WAN VPN Firmware +2 more

Timeline

PublishedNov 26

Latest updateMay 24

Description

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displ…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwareunspecified — n/a

▶NVDcisco/rv042_dual_wan_vpn_firmware< 4.2.3.10

▶NVDcisco/rv082_dual_wan_vpn_firmware< 4.2.3.10

▶NVDcisco/rv016_multi-wan_vpn_firmware< 4.2.3.10

▶NVDcisco/rv042g_dual_gigabit_wan_vpn_firmware< 4.2.3.10

🔴Vulnerability Details

GHSA

GHSA-89q8-rgqc-jpf8: A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacke↗2022-05-24

▶

CVEList

Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability↗2019-11-26

▶

📋Vendor Advisories

Cisco

Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability↗2019-11-20

▶