Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.2074 Multiple Vulnerabilities in Cisco Small Business RV Series Routers 6 November 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco RV Series Routers Publisher: Cisco Systems Operating System: Cisco Impact/Access: Execute Arbitrary Code/Commands -- Existing Account Create Arbitrary Files -- Remote/Unauthenticated Cross-site Request Forgery -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-2179 CVE-2014-2178 CVE-2014-2177 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Small Business RV Series Routers Advisory ID: cisco-sa-20141105-rv Revision 1.0 For Public Release 2014 November 5 16:00 UTC (GMT) +---------------------------------------------------------------------- Summary ======= The Cisco RV120W Wireless-N VPN Firewall, Cisco RV180 VPN Router, Cisco RV180W Wireless-N Multifunction VPN Router, and Cisco RV220W Wireless Network Security Firewall are affected by the following vulnerabilities: * Cisco RV Series Routers Command Injection Vulnerability * Cisco RV Series Routers HTTP Referer Header Vulnerability * Cisco RV Series Routers Insecure File Upload Vulnerability These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141105-rv - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVFmbD4pI1I6i1Mx3AQJdTg/9F/NC3ZcoMNJqmzj4oAuPl4LtiRry735U VByfJp3TMh6REhJW5s78FhjCFsZeklN/OOk0EeWuyF3YjfyfcEWuKtLz6DfM8wLA LggnyEYn/NCfdukRnIOtmDL/KSGqTDVCx4H6hl1bkTEFGlxzOMDWfH5YPP9Ptdcu 8q7/M1jSlqUhFVNzAMgsv95GUdk2bN5lf5ZP/vdXJCZR0Q32c/6uoCMDfJMFIod5 1C/6p3D4JRDWfndrW6I26fxYDa2rozBK3OJIe74yF7Vc9f/g7y3ZfpQWwImRFb3c Klzyxuo2gEkuJYiIHF8Jdy6GZDVtsO+U8yKF2ZoCc6PZY+lVyo1oS4UVMqGIr0ar 1FZmYwdJpSvsQoeVlrzhjuNGQduWXvw5NqU946NUrlG2Y0Ch2XZBa2pbY5CYd7NC FV6Eay6oQE3DadRDpO1Co8CH7NiEs0G4e6/rg7MpU7fNGPekWLKJYqCExzzh4cP/ Y3ykLI0/LDMm5DHmG9vAzxapSTGDLiSjOa3GJfEE1NPaVXQWaPCc1gKz+f2LxdnG uqZxEZxgyNA/ouNQDbYxgkTHXyYuMoaxJy8TD+SNLD2mfwhugZfIppKqR3fzO3fv zeaARapAv5Me/QwDRj7+EAG9W+osreIbIV1U+yO1SFwoOZl9w/b7wU/SuDuB0FMf 5AI1CwM/xfs= =uVv4 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVFrn/hLndAQH1ShLAQLP0xAAifqTxNjGKuBx9kCAy+Mn/bQgurNSqrnA SnoX7wH+xVOWhr4VG7F6nwadF/Jxg2EYZceu4wHx3/iSroJlxVSL2NQOAwioT+8X hqr/6Z6X0PBily7Lbs9ZpHZC/5pA5c3DdE334bZNGsES3GN/aNryRacY7SqtiiZa J0zAFvjUxhkCaXFGTcywhQ8aGwp8ZWlHFFO8CNrzn2r5QM5PlbrTxn0mo3RlC9Sg 1k7b+fCyqVelEUZTDG6a4Qs59q+ia7O/b9VgAbYN80ZGkSIs4laKfqbEbDJq5Q3d qoc+r1AX8d7yR256zGnIJe6m8DXOFUUgnFBhrqjrpL4o9Ylwiz0Uyqq5h8XK3kl8 QRGuM4Tu9o7EVXDcNp67bQjsQ3hmUCHxFfzqtIY5gggJxMFo/W0Rm1xFCkO20oFP +O6ZxwdLuOEWrpCoRoJFsuIUsMZzHt+3fGvIDk6PrUjCqwRtXacDgkmaMUcwl4zo ixMAh5BSPvuyS0EMCyoeyb+3uMwy2xeIeOrvltGZiZnxRrG3Cw8Izcz02TgtJRmC Gif/04RVeOBnxvTJMQXMnuLLVzxRT8n1hylOvJSC5L99A+MTlXP655UGjNdx4/Uw 4Oi4eVLRpilXoE3MCuVF4clW4l8cR2DDdnMI8vcocFI7a1V9R4UYHh5qDwLmNAjG WqkOBIumq9E= =wuNd -----END PGP SIGNATURE-----