CVE-2019-15990 - Vulnerability Details

CVE-2019-15990 - Cisco Small Business Routers RV016, RV042, RV042G, and RV082 Information Disclosure Vulnerability

A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an unauthenticated, remote attacker to view information displayed in the web-based management interface. The vulnerability is due to improper authorization of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to view information displayed in the web-based management interface without authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Rv016 Multi-wan Vpn Rv016 Multi-wan Vpn Firmware Rv042 Dual Wan Vpn Rv042 Dual Wan Vpn Firmware Rv042g Dual Gigabit Wan Vpn Rv042g Dual Gigabit Wan Vpn Firmware Rv082 Dual Wan Vpn Rv082 Dual Wan Vpn Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv016_multi-wan_vpn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv016_multi-wan_vpn:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv042_dual_wan_vpn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042_dual_wan_vpn:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv042g_dual_gigabit_wan_vpn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042g_dual_gigabit_wan_vpn:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:rv082_dual_wan_vpn_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv082_dual_wan_vpn:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-sbr-rv-infodis

History

Tue, 19 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2019-11-26T03:42:02.310103Z

Updated: 2024-11-19T18:51:36.299Z

Reserved: 2019-09-06T00:00:00

Link: CVE-2019-15990

Vulnrichment

Updated: 2024-08-05T01:03:32.639Z

NVD

Status : Modified

Published: 2019-11-26T04:15:12.077

Modified: 2024-11-21T04:29:53.083

Link: CVE-2019-15990

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object