—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability
Advisory ID: cisco-sa-20180905-rv-routers-disclosure
Revision: 1.0
For Public Release: 2018 September 5 16:00 GMT
Last Updated: 2018 September 5 16:00 GMT
CVE ID(s): CVE-2018-0425
CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+———————————————————————
Summary
=======
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.
The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-rv-routers-disclosure”]
—–BEGIN PGP SIGNATURE—–
iQJ5BAEBAgBjBQJbkAC3XBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcz1EcP/jy++/Z2THApVfCcODrhks4Ldotv
fK2jsTyiKzQVgdMoefuW5AoKAb7a7d/jfaY9qwHrOie30a2aVUa9QDo3E4gQNiGN
pn+5TRgAm6IRQjEkCU213DBe/kg4PJLh9Ot0gawa0X0aYha2S8dypXz8oXSCgPIS
WOsXBV0YoIz+B+4npqrHqW4VUCpEbArtQjF7yV3ZCmA6vsU022RfqcEv1TnSI0m0
uY9QHFL3qwC0+cwJ2s2fCBaq1gQQ1I56488If/GcG1qoxVyvmuRY6u0P+TzNvGKf
7Ix+UhGSr/uOgdMiz9blOD9c3U5en/U6LLIqRcC5mKrl6C+LSyPhU8NJIXSS96j7
qje1+etoeZaCxh/IyF137oK+bVK5azY9anisYQTLWQiY0aw6IdfSZjc5p1i++8e3
5ArbWYyqLrHsXxqRm6rRd4UMkjIzI5jl1Wu4gnAbHF5BNLyjv3BWJY7+SigxRRxk
8mZCCpdM1X8QWDoSpNHySbOTfSQ/+OEThrOrAwChW0fPv+Imo6ZrOwcJIBauGoKw
WBAZGldeQlsbooU3SycUoqvviiW3fSD2ZWTBYO2+fwv7/UTAUoGYgYKwUlscB5Ml
4NL1xu7AxDg4eoNMaj9LCh7wRlgSvEmdcBN00sZ0XSMsx2X+ls+JDuLx4VUcuPjT
N37IfMu+4ZzM5LAJ
=xbO/
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com