A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges.
Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.
This advisory is available at the following link:
http://ift.tt/2aTvZ0J
A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges.
Cisco has not released and will not release a firmware update to address this vulnerability. Mitigations for this vulnerability are available.
This advisory is available at the following link:
http://ift.tt/2aTvZ0J
Security Impact Rating: Critical
CVE: CVE-2016-1430
from Cisco Security Advisory http://ift.tt/2aTvZ0J
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.