mirror of https://github.com/qwqdanchun/Goby.git
{
"Name": "Cisco RV340 RCE (CVE-2021-1473)",
"Description": "<p>The Cisco RV34x series dual wide area network (WAN) gigabit virtual private network (VPN) security routers are next-generation high-performance routers. Terminal devices and applications can be identified and processed according to user-defined policies to improve productivity and optimize network usage.</p><p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Product": "Cisco",
"Homepage": "https://www.cisco.com",
"DisclosureDate": "2021-05-27",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"CISCO-RV340\" || app=\"CISCO-RV340W\" || app=\"CISCO-RV345\" || app=\"CISCO-RV345P\"",
"GobyQuery": "app=\"CISCO-RV340\" || app=\"CISCO-RV340W\" || app=\"CISCO-RV345\" || app=\"CISCO-RV345P\"",
"Level": "3",
"Impact": "<p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Recommendation": "<p>The vendor has released a fix; please apply the update promptly: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1. Use firewalls or other security devices to set access policies and restrict access to a whitelist.</p><p>2. Unless necessary, do not allow public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Cisco RV340 远程命令执行漏洞 CVE-2021-1473",
"VulType": [
"命令执行"
],
"Description": "<p>Cisco RV34x系列双重广域网(WAN)千兆位虚拟专用网络(VPN)安全路由器是下一代高性能路由器。可以根据用户定义的策略识别和处理终端设备和应用程序,以提高生产力和优化网络使用。</p><p>Cisco RV34X 系列 - 身份验证绕过和远程命令执行。</p>",
"Impact": "<p>Cisco RV34X 系列 - 身份验证绕过和远程命令执行。</p>",
"Product": "Cisco",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1、通过防火墙等安全设备设置访问策略,设置白名单访问。</p><p>2、如非必要,禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Cisco RV340 RCE (CVE-2021-1473)",
"VulType": [
"rce"
],
"Description": "<p>The Cisco RV34x series dual wide area network (WAN) gigabit virtual private network (VPN) security routers are next-generation high-performance routers. Terminal devices and applications can be identified and processed according to user-defined policies to improve productivity and optimize network usage.</p><p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Impact": "<p>Cisco RV34X Series - Authentication Bypass and Remote Command Execution.</p>",
"Product": "Cisco",
"Recommendation": "<p>The vendor has released a fix; please apply the update promptly: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1. Use firewalls or other security devices to set access policies and restrict access to a whitelist.</p><p>2. Unless necessary, do not allow public network access to the system.</p>"
}
},
"References": [
"https://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "id"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-1472",
"CVE-2021-1473"
],
"CVSSScore": "9.8",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["Cisco RV340"]
},
"CNNVD": [
""
],
"CNVD": [
""
]
} |