CVE-2021-1294
published 2021-02-04CVE-2021-1294: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an…
PriorityP272critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
4.18%
89.7th percentile
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | rv160_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv160w_wireless-ac_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260p_vpn_router_with_poe_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260w_wireless-ac_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | small_business_rv160_rv160w_rv260_rv260p_and_rv260w_vpn_routers | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Exploit vector is a crafted HTTP request to the web-based management interface of affected Cisco Small Business RV160/RV260 series routers; monitor for anomalous or malformed HTTP requests targeting the management interface from unauthenticated sources. ↗
- →Successful exploitation results in remote code execution as root; look for unexpected root-level process spawning from the web server process on affected Cisco RV160/RV260 devices. ↗
- →The vulnerability class is improper validation of HTTP requests (CWE-472); inspect HTTP requests to the management interface for unexpected or unsanitized input that may indicate exploitation attempts. ↗
- ·Affected devices are Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers; ensure detection rules are scoped to these specific device models. ↗
- ·The attacker requires no authentication to exploit this vulnerability; perimeter controls blocking unauthenticated access to the management interface are a critical mitigation. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
vendor_cisco·2021-02-03·CVSS 9.8
CVE-2021-1289 [CRITICAL] CWE-472 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these
Cisco
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1294 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
CVE-2021-1294: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Cisco has released software updates that address these vulnerabilities. There are no
CVSS: 3.1
CWE: CW
GHSA
GHSA-8899-pjpj-8p5v: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allo
ghsa_unreviewed·2022-05-24
CVE-2021-1294 [CRITICAL] CWE-472 GHSA-8899-pjpj-8p5v: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allo
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
blogs_talos·2021-07-27·CVSS 8.8
CVE-2021-21831 [HIGH] Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
## Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple use-after-free vulnerabilities in the Foxit PDF Reader.
Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms.
TALOS-2021-1294 (CVE-2021-21831), TALOS-2021-1307 (CVE-2021-21870) and TALOS-2021-1336 (CVE-2021-21893) are all use-after-free vulnerabilities that exist in the PDF Reader that could lead to an adversary gaining the ability to execute arbitrary code on the victim machine. An attacker needs to trick a user into opening a specially craft
Talos
Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
blogs_talos·2021-07-27·CVSS 8.8
CVE-2021-21831 [HIGH] Vulnerability Spotlight: Use-after-free vulnerabilities in Foxit PDF Reader
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple use-after-free vulnerabilities in the Foxit PDF Reader.
Foxit PDF Reader is one of the most popular PDF document readers currently available. As a complete and feature-rich PDF reader, it supports JavaScript for interactive documents and dynamic forms.
TALOS-2021-1294 (CVE-2021-21831), TALOS-2021-1307 (CVE-2021-21870) and TALOS-2021-1336 (CVE-2021-21893) are all use-after-free vulnerabilities that exist in the PDF Reader that could lead to an adversary gaining the ability to execute arbitrary code on the victim machine. An attacker needs to trick a user into opening a specially crafted, malicious PDF to exploit these vulnerabilities.
Cisco Talos worked with Fox
2021-02-04
Published