CVE-2019-15271
Published: 26 November 2019
Summary
CVE-2019-15271 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Cisco RV016 Multi-WAN VPN firmware. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 9.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability tracked as CVE-2019-15271 exists in the web-based management interface of certain Cisco Small Business RV Series Routers. The flaw is caused by insufficient input validation of HTTP payloads and is associated with CWE-502. It permits an authenticated remote attacker to execute arbitrary commands with root privileges on affected devices.
An attacker who possesses either valid administrative credentials or an active session token can exploit the issue by submitting a crafted HTTP request to the management interface. Successful exploitation grants full root-level command execution, potentially allowing complete control over the router's configuration and traffic.
Cisco's security advisory provides mitigation guidance including software updates for impacted RV Series models, while CISA lists the CVE in its catalog of known exploited vulnerabilities, underscoring the importance of applying patches promptly to prevent remote compromise.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-6279
Vulnerability details
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
- CWE(s): CWE-502
- KEV Date Added: 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of HTTP input payloads to block the crafted requests that enable root command execution.
Mandates prompt application of vendor patches that remediate the input-validation flaw in the web management interface.
Enforces least-privilege restrictions so that even an authenticated session cannot obtain unrestricted root command execution.