CISCO : Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105768

Categoría: CISCO

Título: Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability

Resumen: A vulnerability in the web interface of the Cisco RV110W; Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W; Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code; as root on a targeted system.

Descripción: Summary:
A vulnerability in the web interface of the Cisco RV110W
Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W
Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code
as root on a targeted system.

Vulnerability Insight:
The vulnerability is due to insufficient sanitization of HTTP
user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP
request with custom user data.

Vulnerability Impact:
An exploit could allow the attacker to execute arbitrary code
with root-level privileges on the affected system, which could be leveraged to conduct further
attacks.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1395
Cisco Security Advisory: 20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv
http://www.securitytracker.com/id/1036113

Copyright Copyright (C) 2016 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105768
Categoría:	CISCO
Título:	Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability
Resumen:	A vulnerability in the web interface of the Cisco RV110W; Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W; Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code; as root on a targeted system.
Descripción:	Summary: A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system. Vulnerability Insight: The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. Vulnerability Impact: An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks. Solution: See the referenced vendor advisory for a solution. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1395 Cisco Security Advisory: 20160615 Cisco RV110W, RV130W, and RV215W Routers Arbitrary Code Execution Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv http://www.securitytracker.com/id/1036113
Copyright	Copyright (C) 2016 Greenbone Networks GmbH