CERTFR-2021-AVI-642

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans les produits Cisco. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Note : Cette vulnérabilité affecte le service UPnP (Universal Plug-and-Play). Par défaut, le service est activé uniquement sur les interfaces associées au réseau local et est désactivé sur les interfaces externes.

Solution

Les produits affectés ne sont plus maintenus par l'éditeur et ne disposeront donc pas de correctif.

Le CERT-FR recommande fortement de procéder au remplacement de ces équipements.

Contournement provisoire

Désactiver le service UPnP via l'interface d'administration (menu 'Basic Settings' / 'UPnP', cocher les cases 'Disabled').

None
Impacted products
Vendor Product Description
Cisco N/A RV110W Wireless-N VPN Firewalls
Cisco N/A RV130W Wireless-N Multifunction VPN Routers
Cisco N/A RV215W Wireless-N VPN Routers
Cisco N/A RV130 VPN Routers
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "RV110W Wireless-N VPN Firewalls",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "RV130W Wireless-N Multifunction VPN Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "RV215W Wireless-N VPN Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "RV130 VPN Routers",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\n\u003cu\u003eLes produits affect\u00e9s ne sont plus maintenus par l\u0027\u00e9diteur et ne\ndisposeront donc pas de correctif.\u003c/u\u003e\n\nLe CERT-FR recommande fortement de proc\u00e9der au remplacement de ces\n\u00e9quipements.\n\n## Contournement provisoire\n\nD\u00e9sactiver le service *UPnP via* l\u0027interface d\u0027administration (menu\n\u0027Basic Settings\u0027 / \u0027UPnP\u0027, cocher les cases \u0027Disabled\u0027).\n",
  "cves": [
    {
      "name": "CVE-2021-34730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34730"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-642",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance\net un d\u00e9ni de service \u00e0 distance.\n\n\u003cu\u003eNote :\u003c/u\u003e Cette vuln\u00e9rabilit\u00e9 affecte le service *UPnP* (*Universal\nPlug-and-Play*). Par d\u00e9faut, le service est activ\u00e9 uniquement sur les\ninterfaces associ\u00e9es au r\u00e9seau local et est d\u00e9sactiv\u00e9 sur les interfaces\nexternes.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cisco-sb-rv-overflow-htpymMB5 du 18 ao\u00fbt 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.