CVE-2019-1652
Published: 24 January 2019
Summary
CVE-2019-1652 is a high-severity Improper Input Validation (CWE-20) vulnerability in Cisco RV320 firmware. Its CVSS base score is 7.2 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers allows an authenticated remote attacker with administrative privileges to execute arbitrary commands on the underlying Linux shell as root. The issue stems from improper validation of user-supplied input (CWE-20 and CWE-78) and is exploitable by sending crafted HTTP POST requests to the management interface. It carries a CVSS 3.1 base score of 7.2.
An attacker who already possesses administrative credentials on an affected device can leverage the flaw to run commands with root privileges, potentially compromising the router's configuration, traffic, or connected networks. Public exploit code demonstrating command injection against these models has been published on Packet Storm and Seclists.
Cisco has released firmware updates that address the vulnerability. The listed references consist primarily of technical disclosures and proof-of-concept material rather than official mitigation guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-10209
Vulnerability details
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root. Cisco has released firmware updates that address this vulnerability.
- CWE(s): CWE-20 (Improper Input Validation), CWE-78 (OS Command Injection)
- KEV Date Added: 03 March 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of user-supplied input on the web management interface, blocking the crafted HTTP POST requests that trigger command injection.
- SI-2 (Flaw Remediation): mandates timely application of vendor firmware updates that remediate the improper input validation flaw (CWE-20/CWE-78).
- Restricting the router to only the necessary management functions and interfaces reduces the attack surface available to an authenticated administrator.