CVE-2021-1295
published 2021-02-04
CVE-2021-1295: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an…
Priority P272 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.24% (89.8th percentile)
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | rv160_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv160w_wireless-ac_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260p_vpn_router_with_poe_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | rv260w_wireless-ac_vpn_router_firmware | < 1.0.01.02 | 1.0.01.02 |
| cisco | small_business_rv160_rv160w_rv260_rv260p_and_rv260w_vpn_routers | — | — |
Detection & IOCs (extracted from sources)
- Exploit vector targets the web-based management interface via crafted HTTP requests; monitor for anomalous or malformed HTTP requests to the management interface of Cisco RV160/RV160W/RV260/RV260P/RV260W routers
- Exploitation requires no authentication; alert on unauthenticated access attempts to the management interface of affected Cisco Small Business VPN routers
- Root-level code execution is the outcome; post-exploitation forensics should look for processes spawned as root from the web server/management daemon on affected devices
- Vulnerabilities are due to improper validation of HTTP requests; no workaround is available; only software updates address the issue
- Affected devices: Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers; tracked under Cisco Bug IDs CSCvw13908, CSCvw13917, CSCvw19718
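CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | — | 9.8 | CRITICAL | — |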
Cisco
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
vendor_cisco·2021-02-03·CVSS 9.8
CVE-2021-1289 [CRITICAL] CWE-472 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these
Cisco
Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1295 Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers Remote Code Execution Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device. Cisco has released software updates that address these vulnerabilities. There are no
CVSS: 3.1
CWE: CW
GHSA
GHSA-679f-x4g5-488c: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allo
ghsa_unreviewed·2022-05-24
CVE-2021-1295 [CRITICAL] CWE-472 GHSA-679f-x4g5-488c: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allo
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.
GHSA
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
ghsa·2021-06-28
CVE-2021-31412 [MEDIUM] CWE-1295 Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Improper sanitization of path in default `RouteNotFoundError` view in `com.vaadin:flow-server` versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows network attacker to enumerate all available routes via crafted HTTP request when application is running in production mode and no custom handler for `NotFoundException` is provided.
- https://vaadin.com/security/cve-2021-31412
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro
blogs_talos·2021-08-13·CVSS 9.8
CVE-2021-21832 [CRITICAL] Vulnerability Spotlight: Memory corruption vulnerability in Daemon Tools Pro
Piotr Bania of Cisco Talos discovered this vulnerability.
Cisco Talos recently discovered a memory corruption vulnerability in Disc Soft Ltd.'s Daemon Tools Pro.
Daemon Tools Pro is a professional emulation software that works with disc images and virtual drives. It allows the user to mount ISO images on Windows systems.
TALOS-2021-1295 (CVE-2021-21832) can cause memory corruption in the application if the user opens an adversary-created ISO file that causes an integer overflow. This vulnerability exists in the way the application parses ISOs.
Cisco Talos worked with Disc Soft Ltd. to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.
Users are encouraged to update from Disc Soft Ltd. Daemon