目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

CVE-2019-1653— Cisco Small Business RV320和RV325 访问控制错误漏洞

AI Predicted 7.5 Difficulty: Easy KEV EPSS 99.88% · P100
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2019-1653の基本情報

脆弱性情報

脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information. The vulnerability is due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. Cisco has released firmware updates that address this vulnerability.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
访问控制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco Small Business RV320和RV325 访问控制错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco Small Business RV320和RV325都是美国思科(Cisco)公司的企业级路由器。 使用1.4.2.15版本至1.4.2.19版本固件的Cisco Small Business RV320和RV325中基于Web的管理界面存在信息泄露漏洞,该漏洞源于程序对URLs执行了错误的访问控制。远程攻击者可通过HTTP或HTTPS协议连接受影响的设备并请求URLs利用该漏洞检索敏感信息。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

Shenlong 10 Questions — AI 深度分析

十问解析:根本原因、利用方式、修复建议、紧迫性。摘要免费,完整版需登录。

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
CiscoCisco Small Business RV Series Router Firmware n/a -

II. CVE-2019-1653の公開POC

#POC説明ソースリンクShenlongリンク
1NSE script to scan for Cisco routers vulnerable to CVE-2019-1653https://github.com/dubfr33/CVE-2019-1653POC詳細
2Just a PoC tool to extract password using CVE-2019-1653.https://github.com/shaheemirza/CiscoSpillPOC詳細
3A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to retrieve sensitive information.https://github.com/ibrahimzx/CVE-2019-1653POC詳細
4CiscoRV320Dump CVE-2019-1653 - Automatition. https://github.com/elzerjp/nuclei-CiscoRV320Dump-CVE-2019-1653POC詳細
5Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-1653.yamlPOC詳細
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2019-1653のインテリジェンス情報

登录查看更多情报信息。

CVE-2019-1653 厂商安全公告 (2)

CVE-2019-1653 公开利用代码 (5)

CVE-2019-1653 邮件列表归档 (4)

CVE-2019-1653 新闻报道 (1)

CVE-2019-1653 其他参考 (3)

Same Patch Batch · Cisco · 2019-01-24 · 14 CVEs total

CVE-2019-1652Cisco Small Business RV320 and RV325 Routers Command Injection Vulnerability
CVE-2019-1655Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
CVE-2019-1656Cisco Enterprise NFV Infrastructure Software Linux Shell Access Vulnerability
CVE-2019-1657Cisco AMP Threat Grid API Key Information Disclosure Vulnerability
CVE-2019-1658Cisco Unified Intelligence Center Cross-Site Request Forgery Vulnerability
CVE-2019-1668Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability
CVE-2019-1669Cisco Firepower Threat Defense Software Packet Inspection and Enforcement Bypass Vulnerabi
CVE-2019-1645Cisco Connected Mobile Experiences Information Disclosure Vulnerability
CVE-2019-1646Privilege Escalation Vulnerability in Cisco SD-WAN Solution
CVE-2019-1647Cisco SD-WAN Solution Unauthorized Access Vulnerability
CVE-2019-1648Cisco SD-WAN Solution Privilege Escalation Vulnerability
CVE-2019-1650Cisco SD-WAN Solution Arbitrary File Overwrite Vulnerability
CVE-2019-1651Cisco SD-WAN Solution Buffer Overflow Vulnerability

IV. 関連脆弱性

V. CVE-2019-1653へのコメント

まだコメントはありません


コメントを残す