Details of VAR-201606-0431

ID

VAR-201606-0431

CVE

CVE-2016-1395

TITLE

plural Cisco Device product firmware Web In the base management interface root Vulnerability to execute arbitrary code with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-003298

DESCRIPTION

The web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to execute arbitrary code as root via a crafted HTTP request, aka Bug ID CSCux82428. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a remote code-execution vulnerability. This may aid in further attacks. This issue being tracked by Cisco Bug ID's CSCux82416, CSCux82422 and CSCux82428

Trust: 2.52

sources: NVD: CVE-2016-1395 // JVNDB: JVNDB-2016-003298 // CNVD: CNVD-2016-04096 // BID: 91224 // VULHUB: VHN-90214

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-04096

AFFECTED PRODUCTS

vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	1.0.1.3	Trust: 1.0
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	1.2.0.14	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	1.2.1.4	Trust: 1.0
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	1.0.2.7	Trust: 1.0
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	1.1.0.5	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	1.2.0.9	Trust: 1.0
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	1.0.0.21	Trust: 1.0
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	1.1.0.6	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	1.2.0.10	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	1.1.0.9	Trust: 1.0
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	1.2.0.15	Trust: 1.0
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	1.3.0.7	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	lt	version:	1.2.1.7	Trust: 0.8
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	lt	version:	1.0.3.16	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	lt	version:	1.3.0.8	Trust: 0.8
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-04096 // JVNDB: JVNDB-2016-003298 // NVD: CVE-2016-1395 // CNNVD: CNNVD-201606-367

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-1395
value:	CRITICAL
Trust: 1.8
CNVD:	CNVD-2016-04096
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201606-367
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-90214
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-1395
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-04096
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90214
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2016-1395
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-04096 // VULHUB: VHN-90214 // JVNDB: JVNDB-2016-003298 // NVD: CVE-2016-1395 // CNNVD: CNNVD-201606-367

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90214 // JVNDB: JVNDB-2016-003298 // NVD: CVE-2016-1395

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-367

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201606-367

CONFIGURATIONS

sources: NVD: CVE-2016-1395

PATCH

title:

cisco-sa-20160615-rv

url:

https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv

Trust: 0.8

sources: JVNDB: JVNDB-2016-003298

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1395	Trust: 3.4
db:	SECTRACK	id:	1036113	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-003298	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-367	Trust: 0.7
db:	CNVD	id:	CNVD-2016-04096	Trust: 0.6
db:	BID	id:	91224	Trust: 0.4
db:	VULHUB	id:	VHN-90214	Trust: 0.1

sources: CNVD: CNVD-2016-04096 // VULHUB: VHN-90214 // BID: 91224 // JVNDB: JVNDB-2016-003298 // NVD: CVE-2016-1395 // CNNVD: CNNVD-201606-367

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv	Trust: 1.7
url:	http://www.securitytracker.com/id/1036113	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1395	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1395	Trust: 0.8
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv/	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-04096 // VULHUB: VHN-90214 // BID: 91224 // JVNDB: JVNDB-2016-003298 // NVD: CVE-2016-1395 // CNNVD: CNNVD-201606-367

CREDITS

Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.

Trust: 0.6

sources: CNNVD: CNNVD-201606-367

SOURCES

db:	CNVD	id:	CNVD-2016-04096
db:	VULHUB	id:	VHN-90214
db:	BID	id:	91224
db:	JVNDB	id:	JVNDB-2016-003298
db:	NVD	id:	CVE-2016-1395
db:	CNNVD	id:	CNNVD-201606-367

LAST UPDATE DATE

2023-12-18T13:24:37.928000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-04096	date:	2016-06-17T00:00:00
db:	VULHUB	id:	VHN-90214	date:	2016-11-30T00:00:00
db:	BID	id:	91224	date:	2016-07-06T15:01:00
db:	JVNDB	id:	JVNDB-2016-003298	date:	2016-06-22T00:00:00
db:	NVD	id:	CVE-2016-1395	date:	2016-11-30T03:04:04.037
db:	CNNVD	id:	CNNVD-201606-367	date:	2016-06-16T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-04096	date:	2016-06-17T00:00:00
db:	VULHUB	id:	VHN-90214	date:	2016-06-19T00:00:00
db:	BID	id:	91224	date:	2016-06-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-003298	date:	2016-06-22T00:00:00
db:	NVD	id:	CVE-2016-1395	date:	2016-06-19T01:59:03.077
db:	CNNVD	id:	CNNVD-201606-367	date:	2016-06-16T00:00:00