Vulnerability Details : CVE-2019-1898
Potential exploit
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2019-1898
- cpe:2.3:o:cisco:rv110w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:rv215w_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:rv130w_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1898
EPSS score: 2.41% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~90% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2019-1898
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | Cisco Systems, Inc. | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2019-1898
- The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. Assigned by: ykramarz@cisco.com (Secondary)
- The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-1898
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190619-rv-fileaccess
  Cisco RV110W, RV130W, and RV215W Routers Unauthenticated syslog File Access Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/108865
  Multiple Cisco Products CVE-2019-1898 Access Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://www.tenable.com/security/research/tra-2019-29
  Cisco RV110W, RV130W, and RV215W Routers Multiple Vulnerabilities - Research Advisory | Tenable® (Exploit; Third Party Advisory)