Lucene search

CiscoCVELIST:CVE-2019-1898

HistoryJun 19, 2019 - 12:00 a.m.

CVE-2019-1898 Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability

2019-06-1900:00:00

CWE-285

cisco

www.cve.org

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.091 Low

EPSS

Percentile

94.7%

JSON

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.

CNA Affected

[
  {
    "product": "Cisco RV130W Wireless-N Multifunction VPN Router Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "1.0.3.51",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/108865

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess

www.tenable.com/security/research/tra-2019-29

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.091 Low

EPSS

Percentile

94.7%

JSON

Related for CVELIST:CVE-2019-1898