qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Cisco-RV340-Auth-RCE-(CVE-2...

72 lines
6.1 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Cisco RV340 Auth RCE (CVE-2021-1414)",
"Description": "<p>Cisco is the world's leading provider of network solutions.</p><p>Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</p>",
"Product": "Cisco",
"Homepage": "https://www.cisco.com",
"DisclosureDate": "2021-05-27",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"CISCO-RV340\" || app=\"CISCO-RV340W\" || app=\"CISCO-RV345\" || app=\"CISCO-RV345P\"",
"GobyQuery": "app=\"CISCO-RV340\" || app=\"CISCO-RV340W\" || app=\"CISCO-RV345\" || app=\"CISCO-RV345P\"",
"Level": "3",
"Impact": "<p>Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Cisco RV340 后台远程命令执行漏洞 CVE-2021-1414",
"VulType": [
"命令执行"
],
"Description": "<p>思科公司是全球领先的网络解决方案供应商。</p><p>Cisco RV340、RV340W、RV345 和 RV345P 双 WAN 千兆 VPN 路由器的基于 Web 的管理界面中存在多个漏洞,可能允许经过身份验证的远程攻击者使用与受影响设备上的 Web 服务进程等效的提升权限执行任意代码。这些漏洞的存在是因为 HTTP 请求没有得到正确验证。攻击者可以通过向受影响设备的基于 Web 的管理界面发送精心设计的 HTTP 请求来利用这些漏洞。成功的利用可能允许攻击者在设备上远程执行任意代码。</p>",
"Impact": "<p>Cisco RV340、RV340W、RV345 和 RV345P 双 WAN 千兆 VPN 路由器的基于 Web 的管理界面中存在多个漏洞,可能允许经过身份验证的远程攻击者使用与受影响设备上的 Web 服务进程等效的提升权限执行任意代码。这些漏洞的存在是因为 HTTP 请求没有得到正确验证。攻击者可以通过向受影响设备的基于 Web 的管理界面发送精心设计的 HTTP 请求来利用这些漏洞。成功的利用可能允许攻击者在设备上远程执行任意代码。</p>",
"Product": "Cisco",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Cisco RV340 Auth RCE (CVE-2021-1414)",
"VulType": [
"rce"
],
"Description": "<p>Cisco is the world's leading provider of network solutions.</p><p>Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.",
"Impact": "<p>Multiple vulnerabilities in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code with elevated privileges equivalent to the web service process on an affected device. These vulnerabilities exist because HTTP requests are not properly validated. An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.</p>",
"Product": "Cisco",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.cisco.com\">https://www.cisco.com</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://www.iot-inspector.com/blog/advisory-cisco-rv34x-authentication-bypass-remote-command-execution/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-8bfG2h6b"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "id"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-1414"
],
"CVSSScore": "6.3",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": ["Cisco RV340"]
},
"CNNVD": [
""
],
"CNVD": [
""
]
}
Reference in New Issue View Git Blame Copy Permalink