Cisco Small Business RV Series - Information Disclosure (CVE-2019-1653)
- Severity
- CVSSv3 Score
- 7.5
- Vulnerability description
The Cisco server is vulnerable to CVE-2019-1653, an Information Disclosure vulnerability affecting the /cgi-bin/config.exp endpoint. The root cause is that the device does not enforce proper access controls for the affected endpoint. An attacker can send an HTTP GET request and retrieve the router configuration and diagnostic details.
- Risk description
A remote, unauthenticated attacker can steal confidential information and crack the credentials in order to access the internal network.
- Exploit capabilities
Sniper can extract custom artefacts as evidence from the target system.
- Recommendation
Upgrade the Cisco firmware to the latest version.
- Codename
- Not available
- Detectable with
- Network Scanner
- Exploitable with Sniper
- Yes
- Vuln date
- Jan 2019
- Published at
- Updated at
- Software Type
- VPN Router
- Vendor
- Cisco
- Product
- Cisco Systems