OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Cisco RV Series multiple vulnerabilities

From: Securify B.V. (listssecurify.nl)
Date: Thu Nov 06 2014 - 02:21:26 CST


------------------------------------------------------------------------
Cisco RV Series multiple vulnerabilities
------------------------------------------------------------------------
Yorick Koster, June 2013

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Multiple vulnerabilities have been found in Cisco RV Series devices that
allows an attacker to overwrite/create arbitrary files, execute
arbitrary commands, and execute Cross-Site Request Forgery attacks.

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
These following Cisco RV Series devices are affected by these issues:

- Cisco RV120W Wireless-N VPN Firewall running firmware prior to 1.0.5.9
- Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN
Router running firmware versions prior to 1.0.4.14
- Cisco RV220W Wireless Network Security Firewall running any currently
available release

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
Please consult Cisco advisory cisco-sa-20141105-rv [4] for fix
information.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20130601/cisco_rv_series_multiple_vulnerabilities.html

------------------------------------------------------------------------
References
------------------------------------------------------------------------
[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2177
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2178
[3] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2179
[4]
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv