Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1724
HistoryMay 03, 2019 - 5:29 p.m.

CVE-2019-1724

2019-05-0317:29:00
CWE-287
[email protected]
web.nvd.nist.gov
24
cisco
rv320
rv325
vulnerability
session hijacking
http request
nvd
cve-2019-1724

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON

A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session. The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device. A successful exploit could allow the attacker to take control of an existing user session on the device. Exploitation of the vulnerability requires that an authorized user session is active and that the attacker can craft an HTTP request to impersonate that session.

Affected configurations

NVD
Node
ciscorv325_dual_wan_gigabit_vpn_router_firmwareMatch1.3.1.12
AND
ciscorv325_dual_wan_gigabit_vpn_routerMatch-
Node
ciscorv320_dual_gigabit_wan_vpn_router_softwareMatch1.3.1.12
AND
ciscorv320_dual_gigabit_wan_vpn_routerMatch-

CNA Affected

[
  {
    "product": "Cisco Small Business RV Series Router Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.4.2.20",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
prion 1
cisco 1
nvd 1
cvelist
cvelist
CVE-2019-1724 Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability
2019-05-01 00:00:00
prion
prion
Session fixation
2019-05-03 17:29:00
cisco
cisco
Cisco Small Business RV320 and RV325 Routers Session Hijacking Vulnerability
2019-05-01 16:00:00
nvd
nvd
CVE-2019-1724
2019-05-03 17:29:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.3%

JSON
Related for CVE-2019-1724
cvelist1prion1cisco1nvd1