[c-nsp] Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Aug 3 12:29:51 EDT 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20160803-rv180_2

Revision 1.0

For Public Release 2016 August 3 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.

The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges.

Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available. 

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBV5jimq89gD3EAJB5AQJvBg//ctRV2Z10XPE5WaLLYjptaqzxiMxwI9Da
j9Sfi67bG7R+1EIWxWKj5zc8LYogBOz9aw2AyjWsr79bGkHgO0rs0l/6Lo9T+ArA
TNs4QheScjztFCnWRb+Df/xdzTeAB30A5iS5kyrTTJtDA6E8CmuQhXtJXEPzC8cT
p8wyDV4sE8XgHzhrm00DUe8OKQc1zrIpcU5y93AcINwdEf2CXFOllVw1KeDzKQJY
2jM5m1YlTM5Ei8wS4Li/0SmPlaANAZG7i3ElItRHGEO9YGsbt+ZerQsPAd8d+R6c
+HV3IF9tZ5Le0KFhdTw68ST8GAOxcdpL2DA3qtErcpMwhZca6bPU8okZZfhqAD63
mZDnaVWhGKHa+iyGK40cL+OgHmvxQLljvyS1hgj3ESPNYl+dh5ljFVw6KY5rZpRI
Zmi5Av79NNHQK3WalhBfwxsvTlxy0EwbPjetaSws/v3MxH1Xtq1MXhnH35juT4vz
83RvRMTm/71/AKgZ6LZIxcQMoVi9fjcqi7+dpgUBMomziBB+2aqaAH+8B943Knuw
S1Nzhg8Cv184MkkL+RLhSCfzFxfK4usO6v2hz/otJyDB238CZVtKeN+Ym9D5NvwU
dHwzjLQCsFqLbJN1ps5/JcSC8vtE2bLmevJepk+T/tHp0+k0tTmNm9FS3WE1YaIY
VZ+y3ge4778=
=Ywyj
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list