Vulnslist

find the latest Cisco vulnerabilities

Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability

cisco-sa-rv-auth-bypass-cGv9EruZ · Critical · Published · Updated

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability. Disabling the remote management feature, if not required, would help to reduce the attack surface of this vulnerability.

CVEsCVE-2020-3144
Cisco Bug IDsCSCvr96247, CSCvr96252, CSCvr96256
CVSS ScoreBase 9.8
Base 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco RV130W Wireless-N Multifunction VPN Router Firmware, Cisco RV110W Wireless-N VPN Firewall Firmware, Cisco RV215W Wireless-N VPN Router Firmware, Cisco RV130 VPN Router

CSAF Product Statuses

Product Status Source CVE Rows
Cisco RV110W Wireless-N VPN Firewall Firmware known_affected cisco_csaf CVE-2020-3144 1
Cisco RV130 VPN Router known_affected cisco_csaf CVE-2020-3144 1
Cisco RV130W Wireless-N Multifunction VPN Router Firmware known_affected cisco_csaf CVE-2020-3144 1
Cisco RV215W Wireless-N VPN Router Firmware known_affected cisco_csaf CVE-2020-3144 1

Related Products

Product CVE Evidence
Cisco RV110W Wireless-N VPN Firewall Firmware CVE-2020-3144 Cisco OpenVuln
Cisco RV130 VPN Router CVE-2020-3144 Cisco OpenVuln
Cisco RV130W Wireless-N Multifunction VPN Router Firmware CVE-2020-3144 Cisco OpenVuln
Cisco RV215W Wireless-N VPN Router Firmware CVE-2020-3144 Cisco OpenVuln
Cisco Small Business RV Series Router Firmware CVE-2020-3144 Cisco OpenVuln