Cisco RV220W Wireless Network Security Firewall HTTP Header Processing Flaw Lets Remote Users Access the Target System
SecurityTracker Alert ID: 1034830|
SecurityTracker URL: http://securitytracker.com/id/1034830
(Links to External Site)
Date: Jan 27 2016
User access via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): Model RV220W; firmware prior to 184.108.40.206|
A vulnerability was reported in Cisco RV220W Wireless Network Security Firewall. A remote user can gain access to the target system.|
A remote user can a specially crafted HTTP request header containing SQL statements to the target management interface to bypass authentication and gain administrative access.
The vendor has assigned bug ID CSCuv29574 to this vulnerability.
An anonymous researcher (via Beyond Security's SecuriTeam Secure Disclosure program) reported this vulnerability.
A remote user can gain administrative access to the target system.|
The vendor has issued a fix (220.127.116.11).|
The vendor's advisory is available at:
Vendor URL: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 (Links to External Site)
Input validation error|
Source Message Contents
-----BEGIN PGP SIGNED MESSAGE-----
Cisco RV220W Management Authentication Bypass Vulnerability
Advisory ID: cisco-sa-20160127-rv220
For Public Release 2016 January 27 16:00 UTC (GMT)
A vulnerability in the web-based management interface of Cisco RV220W
Wireless Network Security Firewall devices could allow an
unauthenticated, remote attacker to bypass authentication and gain
administrative privileges on a targeted device.
The vulnerability is due to insufficient input validation of HTTP
request headers that are sent to the web-based management interface
of an affected device. An unauthenticated, remote attacker could exploit
this vulnerability by sending a crafted HTTP request that contains
malicious SQL statements to the management interface of a targeted
device. Depending on whether remote management is configured for the
device, the management interface may use the SQL code in the HTTP
request header to determine user privileges for the device. A
successful exploit could allow the attacker to bypass authentication
on the management interface and gain administrative privileges on the
Cisco released a firmware update that addresses this vulnerability.
There are workarounds that mitigate this vulnerability.
This advisory is available at the following link:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
-----END PGP SIGNATURE-----