CVE-2019-15957
Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.
Una vulnerabilidad en la interfaz de administración basada en web de determinados Cisco Small Business RV Series Routers, podría permitir a un atacante remoto autenticado con privilegios administrativos inyectar comandos arbitrarios en el sistema operativo subyacente. Cuando son procesados, los comandos serán ejecutados con privilegios root. La vulnerabilidad es debido a una comprobación insuficiente de la entrada suministrada por el usuario. Un atacante podría explotar esta vulnerabilidad al proporcionar información maliciosa en un campo específico en la interfaz de administración basada en web de un dispositivo afectado. Una explotación con éxito podría permitir al atacante ejecutar comandos arbitrarios en el sistema operativo Linux subyacente como un usuario root
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2019-09-06 CVE Reserved
- 2020-09-23 CVE Published
- 2024-11-02 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Rv016 Multi-wan Vpn Firmware Search vendor "Cisco" for product "Rv016 Multi-wan Vpn Firmware" | < 4.2.3.10 Search vendor "Cisco" for product "Rv016 Multi-wan Vpn Firmware" and version " < 4.2.3.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv016 Multi-wan Vpn Search vendor "Cisco" for product "Rv016 Multi-wan Vpn" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Rv042 Dual Wan Vpn Search vendor "Cisco" for product "Rv042 Dual Wan Vpn" | < 4.2.3.10 Search vendor "Cisco" for product "Rv042 Dual Wan Vpn" and version " < 4.2.3.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv042 Dual Wan Vpn Search vendor "Cisco" for product "Rv042 Dual Wan Vpn" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Rv042g Dual Gigabit Wan Vpn Firmware Search vendor "Cisco" for product "Rv042g Dual Gigabit Wan Vpn Firmware" | < 4.2.3.10 Search vendor "Cisco" for product "Rv042g Dual Gigabit Wan Vpn Firmware" and version " < 4.2.3.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv042g Dual Gigabit Wan Vpn Search vendor "Cisco" for product "Rv042g Dual Gigabit Wan Vpn" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Rv082 Dual Wan Vpn Router Firmware Search vendor "Cisco" for product "Rv082 Dual Wan Vpn Router Firmware" | < 4.2.3.10 Search vendor "Cisco" for product "Rv082 Dual Wan Vpn Router Firmware" and version " < 4.2.3.10" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv082 Dual Wan Vpn Router Search vendor "Cisco" for product "Rv082 Dual Wan Vpn Router" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Rv320 Firmware Search vendor "Cisco" for product "Rv320 Firmware" | < 1.5.1.05 Search vendor "Cisco" for product "Rv320 Firmware" and version " < 1.5.1.05" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv320 Dual Gigabit Wan Vpn Router Search vendor "Cisco" for product "Rv320 Dual Gigabit Wan Vpn Router" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Rv325 Firmware Search vendor "Cisco" for product "Rv325 Firmware" | < 1.5.1.05 Search vendor "Cisco" for product "Rv325 Firmware" and version " < 1.5.1.05" | - |
Affected
| in | Cisco Search vendor "Cisco" | Rv325 Dual Gigabit Wan Wf Vpn Router Search vendor "Cisco" for product "Rv325 Dual Gigabit Wan Wf Vpn Router" | - | - |
Safe
|