BugTraq
Cisco RV Series multiple vulnerabilities Nov 06 2014 08:21AM
Securify B.V. (lists securify nl)
------------------------------------------------------------------------

Cisco RV Series multiple vulnerabilities
------------------------------------------------------------------------

Yorick Koster, June 2013

------------------------------------------------------------------------

Abstract
------------------------------------------------------------------------

Multiple vulnerabilities have been found in Cisco RV Series devices that
allows an attacker to overwrite/create arbitrary files, execute
arbitrary commands, and execute Cross-Site Request Forgery attacks.

------------------------------------------------------------------------

Affected versions
------------------------------------------------------------------------

These following Cisco RV Series devices are affected by these issues:

- Cisco RV120W Wireless-N VPN Firewall running firmware prior to 1.0.5.9
- Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN
Router running firmware versions prior to 1.0.4.14
- Cisco RV220W Wireless Network Security Firewall running any currently
available release

------------------------------------------------------------------------

Fix
------------------------------------------------------------------------

Please consult Cisco advisory cisco-sa-20141105-rv [4] for fix
information.

------------------------------------------------------------------------

Details
------------------------------------------------------------------------

https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vu
lnerabilities.html

------------------------------------------------------------------------

References
------------------------------------------------------------------------

[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179
[4]
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
co-sa-20141105-rv

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus