#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
  script_id(124061);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2019-1827", "CVE-2019-1828");
  script_xref(name:"CWE", value:"CWE-327");
  script_xref(name:"CWE", value:"CWE-79");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvp09589");
  script_xref(name:"CISCO-BUG-ID", value:"CSCvp09573");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190404-rv-xss");
  script_xref(name:"CISCO-SA", value:"cisco-sa-20190404-rv-weak-encrypt");

  script_name(english:"Cisco Small Business RV320 and RV325 Routers Multiple Vulnerabilities");
  script_summary(english:"Checks the version of Cisco Small Business RV Series Router Firmware");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, this Cisco Small Business RV
Series router is affected by multiple vulnerabilities:

  - A vulnerability in the Online Help web service of Cisco
    Small Business RV320 and RV325 Dual Gigabit WAN VPN
    Routers could allow an unauthenticated, remote attacker
    to conduct a reflected cross-site scripting (XSS) attack
    against a user of the service. The vulnerability exists
    because the Online Help web service of an affected
    device insufficiently validates user-supplied input. An
    attacker could exploit this vulnerability by persuading
    a user of the service to click a malicious link. A
    successful exploit could allow the attacker to execute
    arbitrary script code in the context of the affected
    service or access sensitive browser-based information.
    (CVE-2019-1827)

  - A vulnerability in the web-based management interface of
    Cisco Small Business RV320 and RV325 Dual Gigabit WAN
    VPN Routers could allow an unauthenticated, remote
    attacker to access administrative credentials. The
    vulnerability exists because affected devices use weak
    encryption algorithms for user credentials. An attacker
    could exploit this vulnerability by conducting a man-in-
    the-middle attack and decrypting intercepted
    credentials. A successful exploit could allow the
    attacker to gain access to an affected device with
    administrator privileges. (CVE-2019-1828)

Please see the included Cisco BIDs and Cisco Security Advisory for
more information");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-xss
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7ea0bf3d");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190404-rv-weak-encrypt
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?75b1813b");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp09589");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp09573");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvp09589 & CSCvp09573");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1828");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/15");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:small_business_rv_series_router_firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_small_business_detect.nasl");
  script_require_keys("Cisco/Small_Business_Router/Version", "Cisco/Small_Business_Router/Device");

  exit(0);
}

include("audit.inc");
include("cisco_workarounds.inc");
include("ccf.inc");
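
# Version and model come from the detection plugin listed in script_dependencies().
product_info = cisco::get_product_info(name:'Cisco Small Business RV Series Router Firmware');

# Firmware versions below the fixed release 1.4.2.22 are reported.
vuln_list = [
  {'min_ver' : '0', 'fix_ver' : '1.4.2.22'}
];

# Report fields: fixed version, Cisco bug IDs, and the XSS flag for CVE-2019-1827.
reporting = make_array(
  'port'          , 0,
  'severity'      , SECURITY_WARNING,
  'fix'           , '1.4.2.22',
  'version'       , product_info['version'],
  'bug_id'        , 'CSCvp09589 & CSCvp09573',
  'disable_caveat', TRUE,
  'xss'           , TRUE
);

# Only the RV320 and RV325 models are checked against the version range.
cisco::check_and_report(
  product_info:product_info,
  reporting:reporting,
  vuln_ranges:vuln_list,
  models:make_list('RV320', 'RV325')
);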