CVE-2018-0424

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securitytracker.com/id/1041677	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:rv130w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv130w:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-10-05 14:29

Updated : 2024-02-04 20:03

NVD link : CVE-2018-0424

Mitre link : CVE-2018-0424

CVE.ORG link : CVE-2018-0424

JSON object : View

Products Affected

cisco

rv110w_wireless-n_vpn_firewall
rv110w_firmware
rv215w_wireless-n_vpn_router
rv130w_firmware
rv130w
rv215w_firmware

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2018-0424", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-10-05T14:29:00.967", "references": [{"url": "http://www.securitytracker.com/id/1041677", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-injection", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de los dispositivos Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router y Cisco RV215W Wireless-N VPN Router podr\u00edan permitir que un atacante remoto autenticado ejecute comandos arbitrarios. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entradas proporcionadas por el usuario en los scripts por parte de la interfaz de gesti\u00f3n web. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de peticiones maliciosas a un dispositivo objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante ejecute comandos arbitrarios con privilegios del usuario root."}], "lastModified": "2020-08-28T18:45:47.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv110w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF190588-2B4D-479F-9BB1-B72D2EA64442", "versionEndIncluding": "1.2.1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CA92B2A4-A9D9-4BF5-A687-848917283E8C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv130w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D25407AC-3C94-4A9B-B8B4-A3F22866CC5D", "versionEndExcluding": "1.0.3.44"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv130w:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E4D58B36-08AF-46BE-8D21-11B7F0CA17EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv215w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FDE8FD8-92E8-4BDC-A7AC-705C46E1EF47", "versionEndIncluding": "1.3.0.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE146ECF-BE5C-4CA1-A325-C3402F540FBB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}