Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2019-15271
PUBLISHEDCisco Small Business RV016, RV042, RV042G, and RV082 Routers Arbitrary Command Execution Vulnerability
- Vendor
- Cisco
- Product
- Cisco Small Business RV Series Router Firmware
- Published
- Nov 26, 2019
- EPSS
- —
Description
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The attacker must have either a valid credential or an active session token. The vulnerability is due to lack of input validation of the HTTP payload. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based management interface of the targeted device. A successful exploit could allow the attacker to execute commands with root privileges.
CVSS scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2022-06-08 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Jun 08, 2022 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel