Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2014.2074
Multiple Vulnerabilities in Cisco Small Business RV Series Routers
6 November 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco RV Series Routers
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Create Arbitrary Files -- Remote/Unauthenticated
Cross-site Request Forgery -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2014-2179 CVE-2014-2178 CVE-2014-2177
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small
Business RV Series Routers
Advisory ID: cisco-sa-20141105-rv
Revision 1.0
For Public Release 2014 November 5 16:00 UTC (GMT)
+----------------------------------------------------------------------
Summary
=======
The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router,
Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W
Wireless Network Security Firewall are affected by the following
vulnerabilities:
* Cisco RV Series Routers Command Injection Vulnerability
* Cisco RV Series Routers HTTP Referer Header Vulnerability
* Cisco RV Series Routers Insecure File Upload Vulnerability
These vulnerabilities are independent of each other; a release that
is affected by one of the vulnerabilities may not be affected by the
others.
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are
available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
iQIVAwUBVFmbD4pI1I6i1Mx3AQJdTg/9F/NC3ZcoMNJqmzj4oAuPl4LtiRry735U
VByfJp3TMh6REhJW5s78FhjCFsZeklN/OOk0EeWuyF3YjfyfcEWuKtLz6DfM8wLA
LggnyEYn/NCfdukRnIOtmDL/KSGqTDVCx4H6hl1bkTEFGlxzOMDWfH5YPP9Ptdcu
8q7/M1jSlqUhFVNzAMgsv95GUdk2bN5lf5ZP/vdXJCZR0Q32c/6uoCMDfJMFIod5
1C/6p3D4JRDWfndrW6I26fxYDa2rozBK3OJIe74yF7Vc9f/g7y3ZfpQWwImRFb3c
Klzyxuo2gEkuJYiIHF8Jdy6GZDVtsO+U8yKF2ZoCc6PZY+lVyo1oS4UVMqGIr0ar
1FZmYwdJpSvsQoeVlrzhjuNGQduWXvw5NqU946NUrlG2Y0Ch2XZBa2pbY5CYd7NC
FV6Eay6oQE3DadRDpO1Co8CH7NiEs0G4e6/rg7MpU7fNGPekWLKJYqCExzzh4cP/
Y3ykLI0/LDMm5DHmG9vAzxapSTGDLiSjOa3GJfEE1NPaVXQWaPCc1gKz+f2LxdnG
uqZxEZxgyNA/ouNQDbYxgkTHXyYuMoaxJy8TD+SNLD2mfwhugZfIppKqR3fzO3fv
zeaARapAv5Me/QwDRj7+EAG9W+osreIbIV1U+yO1SFwoOZl9w/b7wU/SuDuB0FMf
5AI1CwM/xfs=
=uVv4
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVFrn/hLndAQH1ShLAQLP0xAAifqTxNjGKuBx9kCAy+Mn/bQgurNSqrnA
SnoX7wH+xVOWhr4VG7F6nwadF/Jxg2EYZceu4wHx3/iSroJlxVSL2NQOAwioT+8X
hqr/6Z6X0PBily7Lbs9ZpHZC/5pA5c3DdE334bZNGsES3GN/aNryRacY7SqtiiZa
J0zAFvjUxhkCaXFGTcywhQ8aGwp8ZWlHFFO8CNrzn2r5QM5PlbrTxn0mo3RlC9Sg
1k7b+fCyqVelEUZTDG6a4Qs59q+ia7O/b9VgAbYN80ZGkSIs4laKfqbEbDJq5Q3d
qoc+r1AX8d7yR256zGnIJe6m8DXOFUUgnFBhrqjrpL4o9Ylwiz0Uyqq5h8XK3kl8
QRGuM4Tu9o7EVXDcNp67bQjsQ3hmUCHxFfzqtIY5gggJxMFo/W0Rm1xFCkO20oFP
+O6ZxwdLuOEWrpCoRoJFsuIUsMZzHt+3fGvIDk6PrUjCqwRtXacDgkmaMUcwl4zo
ixMAh5BSPvuyS0EMCyoeyb+3uMwy2xeIeOrvltGZiZnxRrG3Cw8Izcz02TgtJRmC
Gif/04RVeOBnxvTJMQXMnuLLVzxRT8n1hylOvJSC5L99A+MTlXP655UGjNdx4/Uw
4Oi4eVLRpilXoE3MCuVF4clW4l8cR2DDdnMI8vcocFI7a1V9R4UYHh5qDwLmNAjG
WqkOBIumq9E=
=wuNd
-----END PGP SIGNATURE-----