Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability

Related Vulnerabilities: CVE-2016-1429  

A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal. The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted. Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1

Source

Summary

  • A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal.

    The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted.

    Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.

    This advisory is available at the following link:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1

Affected Products

  • Vulnerable Products

    All firmware versions of Cisco RV180 VPN Router and RV180W Wireless-N Multifunction VPN Router are vulnerable.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

  • There are no workarounds that address this vulnerability. The following two mitigations may help limit exposure to this vulnerability:

    Disable Remote Management

    Caution: Do not disable remote management if the device is managed via the WAN connection. This will result in loss of management connectivity to the device. Disabling this feature prevents Cisco QuickVPN access.

    Remote Management is disabled by default. If it is enabled, administrators can disable it using the Web Access screen: Administration > Management Interface > Web Access. Check the box for Disabled in the Remote Management field.

    Disabling remote management helps ensure that only users on the LAN could attempt to exploit the vulnerabilities. Remote management is not enabled by default on the device.

    Limit Remote Management Access to Specific IP Addresses

    If remote management is required, harden the device so that it can be accessed only by certain IP addresses, rather than the default setting of any. By accessing the configuration screen (Administration > Management Interface > Web Access), an administrator can change the Remote IP address field to ensure only devices with specified IP addresses can access the device.

Fixed Software

  • Cisco has not released and will not release firmware updates to address the vulnerability described in this advisory. The Cisco RV180 Router and the Cisco RV180W Router have entered the end-of-life (EoL) process. Please refer to the EoL notices for these products:
    Customers are encouraged to migrate to the Cisco RV130W Wireless-N Multifunction VPN Router.

    When considering a device migration, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that new devices will be sufficient for their network needs; new devices contain sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  • This vulnerability was found and reported to Cisco from security researcher Harri Kuosmanen.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL

Revision History

  • Version Description Section Status Date
    1.0 Initial public release. - Final 2016-August-03

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started