
Cisco Small Business RV Series - Information Disclosure (CVE-2019-1653)

Severity
CVSSv3 Score: 7.5
Vulnerability description

The Cisco server is vulnerable to CVE-2019-1653, an Information Disclosure vulnerability affecting the /cgi-bin/config.exp endpoint. The root cause is that the device does not enforce proper access controls for the affected endpoint. An attacker can send an HTTP GET request and retrieve router configuration and diagnostics details.

Risk description

A remote unauthenticated attacker can steal confidential information and crack the credentials in order to access the internal network.

Exploit capabilities

Sniper can extract custom artefacts as evidence from the target system.

Recommendation

Upgrade the Cisco firmware to the latest version.

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: Yes
Vuln date: Jan 2019
Published at
Updated at
Software Type: VPN Router
Vendor: Cisco
Product: Cisco Systems