{ "id": "CVE-2021-1520", "sourceIdentifier": "psirt@cisco.com", "published": "2021-05-06T13:15:11.027", "lastModified": "2024-11-21T05:44:32.147", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the internal message processing of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, local attacker to run arbitrary commands with root privileges on the underlying operating system (OS). This vulnerability exists because an internal messaging service does not properly sanitize input. An attacker could exploit this vulnerability by first authenticating to the device and then sending a crafted request to the internal service. A successful exploit could allow the attacker to run arbitrary commands with root privileges on the underlying OS. To exploit this vulnerability, the attacker must have valid Administrator credentials for the device." }, { "lang": "es", "value": "Una vulnerabilidad en el procesamiento interno de mensajes de Cisco RV340, RV340W, RV345, y RV345P Dual WAN Gigabit VPN Routers, podr\u00eda permitir a un atacante local autenticado ejecutar comandos arbitrarios con privilegios root en el Sistema Operativo (SO) subyacente. Esta vulnerabilidad se presenta porque un servicio de mensajer\u00eda interna no sanea apropiadamente la entrada. Un atacante podr\u00eda explotar esta vulnerabilidad si se autentica primero en el dispositivo y luego env\u00eda una petici\u00f3n dise\u00f1ada hacia el servicio interno. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar comandos arbitrarios con privilegios root en el Sistema Operativo subyacente. Para explotar esta vulnerabilidad, el atacante debe tener credenciales de administrador v\u00e1lidas para el dispositivo" } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@cisco.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 5.9 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "baseScore": 7.2, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE" }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "psirt@cisco.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-123" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.03.21", "matchCriteriaId": "DB20DECC-5D66-4E87-8E19-AFCE0EC2538B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.03.21", "matchCriteriaId": "F1D3E083-7BC2-485B-82CD-CE3DE176A047" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*", "matchCriteriaId": "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.03.21", "matchCriteriaId": "504FBEF9-DCC1-4EE2-9F04-14E38141A03C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E91E68B-CBE9-462E-82D4-6F588B8E84E8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.0.03.21", "matchCriteriaId": "9C7C3346-DD1A-41CC-BB4D-F42CCE75A928" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*", "matchCriteriaId": "5120BAB7-FB3A-481E-9ECD-48341846AFBD" } ] } ] } ], "references": [ { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE", "source": "psirt@cisco.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-34x-privesc-GLN8ZAQE", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }