Cisco Small Business RV Series - Information Disclosure (CVE-2019-1653)
- Severity
- CVSSv3 Score: 7.5
- Exploitable with Sniper: Yes
- Vulnerability description
The Cisco server is vulnerable to CVE-2019-1653, an Information Disclosure vulnerability affecting the /cgi-bin/config.exp endpoint. The root cause is that the device applies improper access controls to the affected endpoint. An attacker can send an HTTP GET request and retrieve the router configuration and diagnostics details.
- Exploit capabilities
Sniper can extract custom artefacts as evidence from the target system.
- Risk description
A remote unauthenticated attacker can steal confidential information and crack the credentials in order to access the internal network.
- Recommendation
Upgrade the Cisco firmware to the latest version.
- Detectable with: Network Scanner
- Vuln date: Jan 2019
- Published at
- Updated at
- Software Type: VPN Router
- Vendor: Cisco
- Product: Cisco Systems
- Codename: Not available