Vulnerabilites related to cisco - rv180w_firmware
Vulnerability from fkie_nvd
Published
2017-10-12 15:29
Modified
2024-11-21 02:34
Severity ?
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv320_firmware | * | |
cisco | rv320 | - | |
cisco | rv325_firmware | * | |
cisco | rv325 | - | |
cisco | rvs4000_firmware | * | |
cisco | rvs4000 | - | |
cisco | wrv210_firmware | * | |
cisco | wrv210 | - | |
cisco | wap4410n_firmware | * | |
cisco | wap4410n | - | |
cisco | wrv200_firmware | 1.0.39 | |
cisco | wrv200 | - | |
cisco | wrvs4400n_firmware | * | |
cisco | wrvs4400n | - | |
cisco | wap200_firmware | * | |
cisco | wap200 | - | |
cisco | wvc2300_firmware | * | |
cisco | wvc2300 | - | |
cisco | pvc2300_firmware | * | |
cisco | pvc2300 | - | |
cisco | srw224p_firmware | * | |
cisco | srw224p | - | |
cisco | wet200_firmware | * | |
cisco | wet200 | - | |
cisco | wap2000_firmware | * | |
cisco | wap2000 | - | |
cisco | wap4400n_firmware | * | |
cisco | wap4400n | - | |
cisco | rv120w_firmware | * | |
cisco | rv120w | - | |
cisco | rv180_firmware | * | |
cisco | rv180 | - | |
cisco | rv180w_firmware | * | |
cisco | rv180w | - | |
cisco | rv315w_firmware | * | |
cisco | rv315w | - | |
cisco | srp520_firmware | * | |
cisco | srp520 | - | |
cisco | srp520-u_firmware | * | |
cisco | srp520-u | - | |
cisco | wrp500_firmware | * | |
cisco | wrp500 | - | |
cisco | spa400_firmware | * | |
cisco | spa400 | - | |
cisco | rtp300_firmware | * | |
cisco | rtp300 | - | |
cisco | rv220w_firmware | * | |
cisco | rv220w | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F503CBF1-C2FB-40ED-8DA4-85F233EC4F8F", versionEndIncluding: "1.3.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*", matchCriteriaId: "7596F6D4-10DA-4F29-95AD-75B60F4670D6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EE1BC6E1-8A83-438F-AE33-3AAED7DF1CBE", versionEndIncluding: "1.3.1.10", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*", matchCriteriaId: "3435D601-EDA8-49FF-8841-EA6DF1518C75", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7881E4BC-6590-49C0-88C4-A21F2BE2B4FE", versionEndIncluding: "2.0.3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*", matchCriteriaId: "EC30BCF7-FA1A-44B3-8C58-17DFA939E7C7", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "0E9D1511-2B20-4013-9504-0FE9A9B5220C", versionEndIncluding: "2.0.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wrv210:-:*:*:*:*:*:*:*", matchCriteriaId: "6FA20862-B235-4230-8861-A59CF62CC65E", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "EB758D90-1888-42E3-9305-82F59D9C1891", versionEndIncluding: "2.0.7.8", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*", matchCriteriaId: "EFF89AC2-2A85-463C-A644-B3FA31A470FA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*", matchCriteriaId: "57B0AF22-058C-4273-8A3F-744692DFB77E", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wrv200:-:*:*:*:*:*:*:*", matchCriteriaId: "F73575BC-B0E8-49A5-8E68-4D9B3109029D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "1A1D37CC-A650-496D-B66B-62F69EFFFCCC", versionEndIncluding: "2.0.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*", matchCriteriaId: "BC842A29-7A55-4474-B5AD-A6813FE16A7D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wap200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "CBC035F1-83DE-47F1-BF2D-72FE32E926BC", versionEndIncluding: "2.0.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wap200:-:*:*:*:*:*:*:*", matchCriteriaId: "BD50A4C8-8E79-4D0B-8D23-88425EFE9234", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C6F6D758-4D48-4D16-B54C-08F924D8623C", versionEndIncluding: "1.1.2.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wvc2300:-:*:*:*:*:*:*:*", matchCriteriaId: "E1122B4F-87D0-4030-9C4C-E811BBEAC51F", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "24B3D0D5-BA35-44A7-A9AC-EFC38638424E", versionEndIncluding: "1.1.2.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:pvc2300:-:*:*:*:*:*:*:*", matchCriteriaId: "35B259F8-E3F8-44D0-9EDB-BC686F239CF6", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "72473F9C-4AD6-47AE-9568-D7451EB8DD09", versionEndIncluding: "2.0.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:srw224p:-:*:*:*:*:*:*:*", matchCriteriaId: "8B559090-2CB3-41E6-B9C8-EB83FC7AFE54", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wet200_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C1B80159-909F-4B59-9DC6-34C1E508FCD1", versionEndIncluding: "2.0.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wet200:-:*:*:*:*:*:*:*", matchCriteriaId: "565A92B8-DF55-4F7D-B312-E1870728F27A", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "3751819E-FF92-4540-93D2-2D8F8427D826", versionEndIncluding: "2.0.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wap2000:-:*:*:*:*:*:*:*", matchCriteriaId: "C4844B66-4D3A-4526-87A3-6C45B9360691", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wap4400n_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C17056F7-933C-45AD-8F75-64E4B9ADFB55", versionEndIncluding: "-", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wap4400n:-:*:*:*:*:*:*:*", matchCriteriaId: "D47B755E-277A-4FF5-B005-C7F28B191D6B", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "34E8DF08-06D6-46EE-AE4A-8FA11D3E1FB9", versionEndIncluding: "1.0.5.9", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*", matchCriteriaId: "40465CA8-BE8B-4F15-8578-D8972C241D84", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "A27C46AD-51E7-463F-A296-D4C6DF9B01F7", versionEndIncluding: "1.0.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*", matchCriteriaId: "A8BD67F3-98CE-4B03-8980-6791B753FDC9", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "BA690405-6AB8-4503-90AB-0B25F50F4776", versionEndIncluding: "1.0.5.4", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*", matchCriteriaId: "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv315w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "7EEDA17A-529D-455C-B608-DFCFEC4DD448", versionEndIncluding: "1.01.03", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv315w:-:*:*:*:*:*:*:*", matchCriteriaId: "8D7B47D7-4D6B-43BF-BF1C-E89C781DDD14", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:srp520_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "857DB576-9674-42E1-B122-0ACCD696818F", versionEndIncluding: "1.01.29", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:srp520:-:*:*:*:*:*:*:*", matchCriteriaId: "DEE62C2A-30E6-4E0F-AC84-1A75F5032D22", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "F87C7EB8-4AF8-484E-B90F-B5E2C77D7679", versionEndIncluding: "1.2.6", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:srp520-u:-:*:*:*:*:*:*:*", matchCriteriaId: "F4A12DCA-F804-4CC1-B1FE-EF4A182A9722", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "67487247-39A1-4EF9-A451-3A2585CC7D54", versionEndIncluding: "1.0.1.002", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:wrp500:-:*:*:*:*:*:*:*", matchCriteriaId: "78DAF22A-9A5A-4E55-AF0F-ED9969610411", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:spa400_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "26067A0B-6752-4008-A021-57A76AC84F26", versionEndIncluding: "1.1.2.2", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:spa400:-:*:*:*:*:*:*:*", matchCriteriaId: "A20F9B77-999F-4B2E-8894-6D6AED4A92CC", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rtp300_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "114E7DD2-5C5F-40A2-A795-FF75FACB4567", versionEndIncluding: "3.1.24", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rtp300:-:*:*:*:*:*:*:*", matchCriteriaId: "78E72C11-E53D-4E29-802A-002F0229C158", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*", matchCriteriaId: "C9C4E5A6-88BB-4758-8222-369BAE95C14B", versionEndIncluding: "1.0.4.17", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*", matchCriteriaId: "8620DFD9-E280-464E-91FF-2E901EDD49C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.", }, { lang: "es", value: "Múltiples dispositivos con software de Cisco incorporado utilizan certificados X.509 embebidos y claves de host SSH embebidas en el firmware, lo que permite que atacantes remotos superen los mecanismos de protección criptográfica y realicen ataques Man-in-the-Middle (MitM) sabiendo de estos certificados y claves de otra instalación. Esto también se conoce por los siguientes Bug ID: CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899 y CSCuw90913.", }, ], id: "CVE-2015-6358", lastModified: "2024-11-21T02:34:50.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-12T15:29:00.217", references: [ { source: "ykramarz@cisco.com", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", }, { source: "ykramarz@cisco.com", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { source: "ykramarz@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/78047", }, { source: "ykramarz@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034255", }, { source: "ykramarz@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034256", }, { source: "ykramarz@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034257", }, { source: "ykramarz@cisco.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034258", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Vendor Advisory", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "US Government Resource", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/78047", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034256", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1034258", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-05 17:29
Modified
2024-11-21 03:38
Severity ?
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | rv180w_firmware | - | |
cisco | rv180w | - | |
cisco | rv220w_firmware | - | |
cisco | rv220w | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv180w_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "3D4116FE-D526-4FC6-9BFC-31155D467ADE", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*", matchCriteriaId: "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:rv220w_firmware:-:*:*:*:*:*:*:*", matchCriteriaId: "A2FA50FE-0C86-4C7D-B6EF-5A0BF1989DD5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*", matchCriteriaId: "8620DFD9-E280-464E-91FF-2E901EDD49C0", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.", }, { lang: "es", value: "Una vulnerabilidad en el código framework web para Cisco RV180W Wireless-N Multifunction VPN Router y Small Business RV Series RV220W Wireless Network Security Firewall podría permitir que un atacante remoto realice un ataque de salto de directorio en un dispositivo objetivo. Este problema se debe al saneamiento incorrecto de las entradas proporcionadas por el usuario en parámetros de peticiones HTTP que describen nombres de archivo. Un atacante podría explotar esta vulnerabilidad empleando técnicas de salto de directorio para enviar una ruta a la localización de archivo que prefiera.", }, ], id: "CVE-2018-0405", lastModified: "2024-11-21T03:38:09.590", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-05T17:29:00.277", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2015-6358
Vulnerability from cvelistv5
Published
2017-10-12 15:00
Modified
2024-08-06 07:22
Severity ?
EPSS score ?
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
References
▼ | URL | Tags |
---|---|---|
http://www.kb.cert.org/vuls/id/566724 | third-party-advisory, x_refsource_CERT-VN | |
http://www.securitytracker.com/id/1034258 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/78047 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1034255 | vdb-entry, x_refsource_SECTRACK | |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci | vendor-advisory, x_refsource_CISCO | |
http://www.securitytracker.com/id/1034257 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1034256 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:22:20.764Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "VU#566724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { name: "1034258", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034258", }, { name: "78047", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/78047", }, { name: "1034255", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034255", }, { name: "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", "x_transferred", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", }, { name: "1034257", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034257", }, { name: "1034256", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-11-25T00:00:00", descriptions: [ { lang: "en", value: "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-12T14:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { name: "VU#566724", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "http://www.kb.cert.org/vuls/id/566724", }, { name: "1034258", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034258", }, { name: "78047", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/78047", }, { name: "1034255", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034255", }, { name: "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability", tags: [ "vendor-advisory", "x_refsource_CISCO", ], url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", }, { name: "1034257", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034257", }, { name: "1034256", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034256", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2015-6358", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "VU#566724", refsource: "CERT-VN", url: "http://www.kb.cert.org/vuls/id/566724", }, { name: "1034258", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034258", }, { name: "78047", refsource: "BID", url: "http://www.securityfocus.com/bid/78047", }, { name: "1034255", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034255", }, { name: "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability", refsource: "CISCO", url: "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", }, { name: "1034257", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034257", }, { name: "1034256", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034256", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2015-6358", datePublished: "2017-10-12T15:00:00", dateReserved: "2015-08-17T00:00:00", dateUpdated: "2024-08-06T07:22:20.764Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-0405
Vulnerability from cvelistv5
Published
2018-10-05 17:00
Modified
2024-11-26 14:26
Severity ?
EPSS score ?
Summary
A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.
References
▼ | URL | Tags |
---|---|---|
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco RV180W Wireless-N Multifunction VPN Router |
Version: n/a |
|
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T03:21:15.612Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2018-0405", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-25T18:52:55.448207Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-26T14:26:09.815Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Cisco RV180W Wireless-N Multifunction VPN Router", vendor: "Cisco", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-10-03T00:00:00", descriptions: [ { lang: "en", value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-05T16:57:01", orgId: "d1c1063e-7a18-46af-9102-31f8928bc633", shortName: "cisco", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", }, ], source: { advisory: "CSCvk28019", defect: [ [ "CSCvk28019", ], ], discovery: "UNKNOWN", }, title: "Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", DATE_PUBLIC: "2018-10-03T16:00:00-0500", ID: "CVE-2018-0405", STATE: "PUBLIC", TITLE: "Cisco RV180W Wireless-N Multifunction VPN Router Directory Path Traversal Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco RV180W Wireless-N Multifunction VPN Router", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web framework code for Cisco RV180W Wireless-N Multifunction VPN Router and Small Business RV Series RV220W Wireless Network Security Firewall could allow an unauthenticated, remote attacker to conduct a directory path traversal attack on a targeted device. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location.", }, ], }, impact: { cvss: { baseScore: "7.5", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-22", }, ], }, ], }, references: { reference_data: [ { name: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", refsource: "CONFIRM", url: "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk28019", }, ], }, source: { advisory: "CSCvk28019", defect: [ [ "CSCvk28019", ], ], discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633", assignerShortName: "cisco", cveId: "CVE-2018-0405", datePublished: "2018-10-05T17:00:00Z", dateReserved: "2017-11-27T00:00:00", dateUpdated: "2024-11-26T14:26:09.815Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }