Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability

Available Languages

Updated:August 3, 2016
Document ID:1470242512895619

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Cisco Security Advisory

Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability

High
Advisory ID:
cisco-sa-20160803-rv180_1
First Published:
2016 August 3 16:00 GMT
Version 1.0:
Final
Workarounds:
Yes
Cisco Bug IDs:
CSCuz43023
CVE-2016-1429
CWE-22
CVSS Score:
Base 7.1, Temporal 6.7Click Icon to Copy Verbose Score
AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:U/RC:C
CVE-2016-1429
CWE-22

Summary

  • A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal.

    The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted.

    Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.

    This advisory is available at the following link:

    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv180_1

Affected Products

  • Vulnerable Products

    All firmware versions of Cisco RV180 VPN Router and RV180W Wireless-N Multifunction VPN Router are vulnerable.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

  • There are no workarounds that address this vulnerability. The following two mitigations may help limit exposure to this vulnerability:

    Disable Remote Management 

    Caution: Do not disable remote management if the device is managed via the WAN connection. This will result in loss of management connectivity to the device. Disabling this feature prevents Cisco QuickVPN access.

    Remote Management is disabled by default. If it is enabled, administrators can disable it using the Web Access screen: Administration > Management Interface > Web Access. Check the box for Disabled in the Remote Management field.

    Disabling remote management helps ensure that only users on the LAN could attempt to exploit the vulnerabilities. Remote management is not enabled by default on the device.

    Limit Remote Management Access to Specific IP Addresses

    If remote management is required, harden the device so that it can be accessed only by certain IP addresses, rather than the default setting of any. By accessing the configuration screen (Administration > Management Interface > Web Access), an administrator can change the Remote IP address field to ensure only devices with specified IP addresses can access the device.

Fixed Software

  • Cisco has not released and will not release firmware updates to address the vulnerability described in this advisory. The Cisco RV180 Router and the Cisco RV180W Router have entered the end-of-life (EoL) process. Please refer to the EoL notices for these products:
    Customers are encouraged to migrate to the Cisco RV130W Wireless-N Multifunction VPN Router.

    When considering a device migration, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that new devices will be sufficient for their network needs; new devices contain sufficient memory, and current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

  • This vulnerability was found and reported to Cisco from security researcher Harri Kuosmanen.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

URL

Revision History

  • Version Description Section Status Date
    1.0 Initial public release. Final 2016-August-03
    Show Less

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications