CVE-2019-15271

Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability

CVSS 8.8 HIGHEPSS 6.0%● KEVCWE-502

In short

A flaw in Cisco Small Business routers' web interface allows an authenticated user to run commands as root by sending specially crafted requests, because the system doesn't properly check what data is being sent.

Technical detail

The vulnerability stems from insufficient input validation in the web-based management interface (CWE-502 deserialization of untrusted data). An authenticated remote attacker can exploit this by crafting malicious HTTP payloads to execute arbitrary commands with root privileges; exploitation requires valid credentials or an active session token.

Summary generated and translated by AI from the official description.

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Cisco · Cisco Small Business RV Series Router Firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-sbrv-cmd-x https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15271