CVE-2018-0424 - OpenCVE

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Rv130w Firmware Rv215w Firmware Rv110w Firmware Rv110w Wireless-n Vpn Firewall Rv130w Rv215w Wireless-n Vpn Router

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv130w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv130w:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securitytracker.com/id/1041677	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-09-05T00:00:00

Updated: 2018-10-07T09:57:02

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0424

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-10-05T14:29:00.967

Modified: 2020-08-28T18:45:47.060

Link: CVE-2018-0424

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-05T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-10-07T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1041677", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041677"}, {"name": "20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"}], "source": {"advisory": "cisco-sa-20180905-rv-routers-injection", "defect": [["CSCvj23214", "CSCvj42736", "CSCvj42741"]], "discovery": "UNKNOWN"}, "title": "Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2018-09-05T16:00:00-0500", "ID": "CVE-2018-0424", "STATE": "PUBLIC", "TITLE": "Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user."}]}, "impact": {"cvss": {"baseScore": "7.2", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77"}]}]}, "references": {"reference_data": [{"name": "1041677", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041677"}, {"name": "20180905 Cisco RV110W, RV130W, and RV215W Routers Management Interface Command Injection Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"}]}, "source": {"advisory": "cisco-sa-20180905-rv-routers-injection", "defect": [["CSCvj23214", "CSCvj42736", "CSCvj42741"]], "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0424", "datePublished": "2018-09-05T00:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-10-07T09:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DF190588-2B4D-479F-9BB1-B72D2EA64442", "versionEndIncluding": "1.2.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", "matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv130w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D25407AC-3C94-4A9B-B8B4-A3F22866CC5D", "versionEndExcluding": "1.0.3.44", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv130w:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4D58B36-08AF-46BE-8D21-11B7F0CA17EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FDE8FD8-92E8-4BDC-A7AC-705C46E1EF47", "versionEndIncluding": "1.3.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de los dispositivos Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router y Cisco RV215W Wireless-N VPN Router podr\u00edan permitir que un atacante remoto autenticado ejecute comandos arbitrarios. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entradas proporcionadas por el usuario en los scripts por parte de la interfaz de gesti\u00f3n web. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones maliciosas a un dispositivo objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios con privilegios del usuario root."}], "id": "CVE-2018-0424", "lastModified": "2020-08-28T18:45:47.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-10-05T14:29:00.967", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041677"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}