Vulnerabilities > CVE-2019-15990 - Unspecified vulnerability in Cisco products
Summary
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 4 |
Hardware | | 4 |
Nessus
NASL family CISCO NASL id CISCO-SA-20191106-SBR-COMINJ.NASL description According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information last seen 2020-06-01 modified 2020-06-02 plugin id 131231 published 2019-11-22 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131231 title Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability (cisco-sa-20191106-sbr-cominj) code #TRUSTED a3694a9bbe9e93dbbbd60314a648f5c75a63bc7d830a78cfe491fa62f31eaa2003434a17c8d2482a6fd802ae4006d64e07d80af20f882b98d9b4484e4f36f9383d7527681ad39b1dd10636ad1521acadc4a5247ea51a5eb2f165622dd9c2ecb3fb0c6b6e427d583848ca54a856dae2b805490c0fdf3cc0010f731a3d0aa114e41e8839cd37200f25ca2c8571a59cd89000e25818fc48452b8abb0077eb23267ac4b1b9379f1318a80973c6514325cf277ad4e978f3f27f70d16465c678c3fbd4913caa12313117fdcb9733bea01946ffa3cd5fafafda8278626cde94af0ac6a64cffc559c2f91a2d61ccb71a4b41c6520ada372b2a410926b04357649de4951e98f56d453bd8aadccd60eb6b1e88a8abbc6f8667b9cf00ec85a74682ede5bb7cb50a74f791f240934aab4c62f61da4a2b87ac126e3c0222a5791b1ee4daf80931603953b3cc5c6e46249f7400a0cebbd01fb87e99cf482d50ad85b5f5dd22e680cc0128f078cbe92e4ce86866680587b2c6dafaaecddd2ee4efe80efdca5d15fa91999e88647e099539f90559f609dcfa895542098de64f32ab13d149baed3ebf93ad5f635891314bf0adb9d998e251400f05d361b594a457a7d26c7fe21e19d6ebd6826b81f7d217e23eab60d3f72c31c5edde2c31910b1b4d7fd7619df9d3b7762b4c42d13be276546e7dc8c5549976a2061caacffcd06bcc52edbe99ad4fb # # (C) Tenable Network Security, Inc. 
#

# Version check for Cisco advisory cisco-sa-20191106-sbr-cominj (bugs
# CSCvq76768, CSCvr39939) on RV016, RV042, RV042G, RV082, RV320 and RV325.
# The decision rests on the model and firmware version returned by
# cisco::get_product_info(); the description calls this the "self-reported
# version" and plugin_type is "local", so a finding means the firmware is
# older than the fixed release, not that the flaw was exercised.
#
# NOTE(review): script_cve_id carries CVE-2019-15957 and CVE-2019-15990, but
# the CVSS vectors are those of CVE-2019-15957 (cvss_score_source) and assume
# an authenticated user (Au:S, PR:H). The separate
# cisco-sa-20191120-sbr-rv-infodis check scores CVE-2019-15990 as
# unauthenticated and lists only RV016, RV042, RV042G and RV082, so a hit on
# RV320/RV325 here presumably relates to CVE-2019-15957 alone - confirm
# against the Cisco advisories before triage.

include("compat.inc");

# Plugin metadata; this branch only registers attributes and then exits.
if (description)
{
  script_id(131231);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2019-15957", "CVE-2019-15990");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvq76768");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvr39939");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20191106-sbr-cominj");
  script_xref(name:"IAVA", value:"2019-A-0429");

  script_name(english:"Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Command Injection Vulnerability (cisco-sa-20191106-sbr-cominj)");

  script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
    "According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by a vulnerability. Please see the included Cisco BIDs and Cisco Security Advisory for more information");

  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbr-cominj
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?38591e1a");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq76768");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvr39939");
  script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvq76768, CSCvr39939");

  # Scores below follow CVE-2019-15957, as cvss_score_source states.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15957");

  # Static text fixed when the plugin was written; nothing here re-evaluates it.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(20);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:small_business_rv_series_router_firmware");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Model and version come from the detection plugin through these keys.
  script_dependencies("cisco_small_business_detect.nasl");
  script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Device");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Small Business RV Series Router Firmware');

# Continue only for the six affected models. The trailing ($|[^0-9]) rejects a
# model string where further digits follow the number, while still accepting
# end of string or a non-digit suffix. audit() is expected to end the run here.
if (!(
      product_info.model =~ '^RV016($|[^0-9])'   || # RV016
      product_info.model =~ '^RV042G?($|[^0-9])' || # RV042 / RV042G
      product_info.model =~ '^RV082($|[^0-9])'   || # RV082
      product_info.model =~ '^RV32[05]($|[^0-9])'   # RV320 / RV325
   ))
  audit(AUDIT_HOST_NOT, "an affected Cisco Small Business RV Series Router");

# Default: RV016 / RV042 / RV042G / RV082 are affected below 4.2.3.10.
vuln_ranges = [ { 'min_ver' : '0', 'fix_ver' : '4.2.3.10' } ];

# RV320 and RV325 have their own fixed release: affected below 1.5.1.05.
if (product_info.model =~ '^RV32[05]($|[^0-9])')
  vuln_ranges = [ { 'min_ver' : '0', 'fix_ver' : '1.5.1.05' } ];

# Port 0: the finding is not tied to a specific service port.
reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_HOLE,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvq76768, CSCvr39939'
);

# Only the 'no_workaround' entry is passed, so presumably no configuration
# based mitigation is taken into account - the version alone decides.
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  models:make_list('RV016', 'RV042', 'RV042G', 'RV082', 'RV320', 'RV325')
);
NASL family CISCO NASL id CISCO-SA-20191120-SBR-RV-INFODIS.NASL description According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by an information disclosure vulnerability in the web-based management interface due to improper authorization of HTTP requests. An unauthenticated, remote attacker can exploit this, by sending crafted HTTP requests to the web-based management interface, in order to view information displayed in the web-based management interface without authentication. Please see the included Cisco BID(s) and Cisco Security Advisory for more information. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 131403 published 2019-12-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131403 title Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure (cisco-sa-20191120-sbr-rv-infodis) code #TRUSTED 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 # # (C) Tenable Network Security, Inc. 
#

# Version check for CVE-2019-15990 (cisco-sa-20191120-sbr-rv-infodis, bug
# CSCvq76840): improper authorization of HTTP requests in the web-based
# management interface of RV016, RV042, RV042G and RV082.
# As the description text says, the issue itself is not tested; the result
# depends on the firmware version the device reports. Treat a finding as
# "firmware older than 4.2.3.10", and a clean result as only as reliable as
# that reported version.
#
# NOTE(review): whether the management interface is reachable from untrusted
# networks is not examined anywhere in this script; that exposure has to be
# assessed separately when prioritising the upgrade.

include('compat.inc');

# Plugin metadata; this branch only registers attributes and then exits.
if (description)
{
  script_id(131403);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2019-15990");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvq76840");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20191120-sbr-rv-infodis");
  script_xref(name:"IAVA", value:"2019-A-0429");

  script_name(english:"Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure (cisco-sa-20191120-sbr-rv-infodis)");

  script_set_attribute(attribute:"synopsis", value:
    "The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
    "According to its self-reported version, Cisco Small Business RV Series Router Firmware is affected by an information disclosure vulnerability in the web-based management interface due to improper authorization of HTTP requests. An unauthenticated, remote attacker can exploit this, by sending crafted HTTP requests to the web-based management interface, in order to view information displayed in the web-based management interface without authentication. Please see the included Cisco BID(s) and Cisco Security Advisory for more information. 
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");

  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-sbr-rv-infodis
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3b86d905");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq76840");
  script_set_attribute(attribute:"solution", value:
    "Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvq76840");

  # Network reachable, no authentication, confidentiality impact only
  # (Au:N / PR:N, C:P / C:L), in line with the information-disclosure text.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-15990");

  # Static text fixed when the plugin was written; nothing here re-evaluates it.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_cwe_id(285);

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:small_business_rv_series_router_firmware");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");

  # Model and version come from the detection plugin through these keys.
  script_dependencies("cisco_small_business_detect.nasl");
  script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Device");

  exit(0);
}

include('audit.inc');
include('cisco_workarounds.inc');
include('ccf.inc');

product_info = cisco::get_product_info(name:'Cisco Small Business RV Series Router Firmware');

# Continue only for RV016, RV042 / RV042G and RV082. The trailing ($|[^0-9])
# rejects a model string where further digits follow the number. audit() is
# expected to end the run here for any other model.
if (!(product_info.model =~ '^RV0(16|42G?|82)($|[^0-9])'))
  audit(AUDIT_HOST_NOT, "an affected Cisco Small Business RV Series Router");

# Port 0: the finding is not tied to a specific service port.
reporting = make_array(
  'port'     , 0,
  'severity' , SECURITY_WARNING,
  'version'  , product_info['version'],
  'bug_id'   , 'CSCvq76840'
);

# One range for all four models: versions below 4.2.3.10 are treated as affected.
vuln_ranges = [ { 'min_ver' : '0', 'fix_ver' : '4.2.3.10' } ];

# Only the 'no_workaround' entry is passed, so presumably no configuration
# based mitigation is taken into account - the version alone decides.
workarounds = make_list(CISCO_WORKAROUNDS['no_workaround']);
workaround_params = make_list();

cisco::check_and_report(
  product_info:product_info,
  workarounds:workarounds,
  workaround_params:workaround_params,
  reporting:reporting,
  vuln_ranges:vuln_ranges,
  models:make_list('RV016', 'RV042', 'RV042G', 'RV082')
);