-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2417
        Cisco patches four critical, five other vulnerabilities in
                           its RV-series routers
                               16 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           RV110W series routers
                   RV130 series routers
                   RV130W series routers
                   RV215W series routers
                   RV340 series routers
                   RV340W series routers
                   RV345 series routers
                   RV345P series routers
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Root Compromise                 -- Remote/Unauthenticated
                   Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3358 CVE-2020-3357 CVE-2020-3332
                   CVE-2020-3331 CVE-2020-3330 CVE-2020-3323
                   CVE-2020-3150 CVE-2020-3146 CVE-2020-3145
                   CVE-2020-3144  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-m4FEEGWX
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy

Comment: This bulletin contains nine Cisco security advisories,
         including four rated by Cisco as "critical".

- --------------------------BEGIN INCLUDED TEXT--------------------

Cisco RV110W and RV215W Series Routers Arbitrary Code Execution Vulnerability

Priority:        Critical

Advisory ID:     cisco-sa-code-exec-wH3BNFb

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs50861 CSCvs50862 

CVE-2020-3331    
CWE-119

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco RV110W
    Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow
    an unauthenticated, remote attacker to execute arbitrary code on an
    affected device.

    The vulnerability is due to improper validation of user-supplied input data
    by the web-based management interface. An attacker could exploit this
    vulnerability by sending crafted requests to a targeted device. A
    successful exploit could allow the attacker to execute arbitrary code with
    the privileges of the root user.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-code-exec-wH3BNFb

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco RV110W Wireless-N VPN Firewall releases
    earlier than Release 1.2.2.8 and Cisco RV215W Wireless-N VPN Router
    releases earlier than Release 1.3.1.7.

    The web-based management interface of these devices is available through a
    local LAN connection or the remote management feature. By default, the
    remote management feature is disabled for these devices.

    To determine whether the remote management feature is enabled for a device,
    administrators can open the web-based management interface and choose Basic
    Settings > Remote Management . If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license:
    https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following firmware releases:

       RV110W Wireless-N VPN Firewall: 1.2.2.8
       RV215W Wireless-N VPN Router: 1.3.1.7

    To download the software from the Software Center on Cisco.com, do the
    following:

     1. Click Browse All.
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN
        Router > Wireless Router Firmware.
     3. Access releases by using the left pane of the RV110W Wireless-N VPN
        Firewall or RV215W Wireless-N VPN Router page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Larryxi of XDSEC for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-code-exec-wH3BNFb

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass
Vulnerability

Priority:        Critical

Advisory ID:     cisco-sa-rv-auth-bypass-cGv9EruZ

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvr96247 CSCvr96252CSCvr96256

CVE-2020-3144    
CWE-284

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of the Cisco RV110W
    Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction
    VPN Router, and RV215W Wireless-N VPN Router could allow an
    unauthenticated, remote attacker to bypass authentication and execute
    arbitrary commands with administrative commands on an affected device.

    The vulnerability is due to improper session management on affected
    devices. An attacker could exploit this vulnerability by sending a crafted
    HTTP request to the affected device. A successful exploit could allow the
    attacker to gain administrative access on the affected device.

    Cisco has released software updates that address the vulnerability
    described in this advisory. There are no workarounds that address this
    vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-auth-bypass-cGv9EruZ

Affected Products

  o Vulnerable Products

    This vulnerability affects all releases of the following Cisco products if
    they are running a vulnerable software release:

       RV110W Wireless-N VPN Firewall
       RV130 VPN Router
       RV130W Wireless-N Multifunction VPN Router
       RV215W Wireless-N VPN Router

    The web-based management interface of these devices is available through a
    local LAN connection or the remote management feature. By default, the
    remote management feature is disabled for these devices.

    To determine whether the remote management feature is enabled for a device,
    administrators can open the web-based management interface and choose Basic
    Settings > Remote Management . If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability. Disabling the
    remote management feature, if not required, would help to reduce the attack
    surface of this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in the following firmware releases:

       RV110W Wireless-N VPN Firewall: 1.2.2.8
       RV130 VPN Router: 1.0.3.55
       RV130W Wireless-N Multifunction VPN Router: 1.0.3.55
       RV215W Wireless-N VPN Router: 1.3.1.7

    To download the software from the Software Center on Cisco.com, do the
    following:

    RV110W and RV215W

     1. Click Browse All .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN
        Router > Wireless Router Firmware.
     3. Access releases by using the left pane of the RV110W Wireless-N VPN
        Firewall or RV215W Wireless-N VPN Router page.

    RV130

     1. Click Browse All .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV130 VPN Router > Small Business Router Firmware .
     3. Access releases by using the left pane of the RV130 VPN Router page.

    RV130W

     1. Click Browse All .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV130W Wireless-N Multifunction VPN Router > Small Business
        Router Firmware .
     3. Access releases by using the left pane of the RV130W Wireless-N
        Multifunction VPN Router page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Quentin Kaiser for reporting this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-auth-bypass-cGv9EruZ

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

- --------------------------------------------------------------------------------

Cisco Small Business RV110W Wireless-N VPN Firewall Static Default Credential
Vulnerability

Priority:        Critical

Advisory ID:     cisco-sa-rv110w-static-cred-BMTWBWTy

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs50818 

CVE-2020-3330    
CWE-798

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the Telnet service of Cisco Small Business RV110W
    Wireless-N VPN Firewall Routers could allow an unauthenticated, remote
    attacker to take full control of the device with a high-privileged account.

    The vulnerability exists because a system account has a default and static
    password. An attacker could exploit this vulnerability by using this
    default account to connect to the affected system. A successful exploit
    could allow the attacker to gain full control of an affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv110w-static-cred-BMTWBWTy

Affected Products

  o Vulnerable Products

    This vulnerability affects Cisco Small Business RV110W Wireless-N VPN
    Firewall firmware releases earlier than Release 1.2.2.8.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco Small Business Routers:

       RV130 VPN Router
       RV130W Wireless-N Multifunction VPN Router
       RV215W Wireless-N VPN Router

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco Small Business RV110W Wireless-N
    VPN Firewall firmware releases 1.2.2.8 and later.

    To download the software from the Software Center on Cisco.com , do the
    following:

     1. Click Browse all .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall > Wireless Router Firmware.
     3. Choose a release from the left pane of the RV110W Wireless-N VPN
        Firewall page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Larryxi of XDSEC for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv110w-static-cred-BMTWBWTy

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Management
Interface Remote Command Execution Vulnerability

Priority:        Critical

Advisory ID:     cisco-sa-rv-rce-AQKREqp

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvr97864 CSCvr97884CSCvr97889

CVE-2020-3323    
CWE-119

CVSS Score:
9.8  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Small
    Business RV110W, RV130, RV130W, and RV215W Routers could allow an
    unauthenticated, remote attacker to execute arbitrary code on an affected
    device.

    The vulnerability is due to improper validation of user-supplied input in
    the web-based management interface. An attacker could exploit this
    vulnerability by sending crafted HTTP requests to a targeted device. A
    successful exploit could allow the attacker to execute arbitrary code as
    the root user on the underlying operating system of the affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-rce-AQKREqp

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco Small Business routers if
    they are running a vulnerable firmware release:

       RV110W Wireless-N VPN Firewall
       RV130 VPN Router
       RV130W Wireless-N Multifunction VPN Router
       RV215W Wireless-N VPN Router

    For information about which Cisco firmware releases are vulnerable, see the
    Fixed Software section of this advisory.

    The web-based management interface of these devices is available through a
    local LAN connection, which cannot be disabled, or through the WAN
    connection if the remote management feature is enabled. By default, the
    remote management feature is disabled for these devices.

    To determine whether the remote management feature is enabled for a device,
    administrators can open the web-based management interface and choose Basic
    Settings > Remote Management . If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

    However, disabling the remote management feature, if it is not required,
    would help to reduce the attack surface of this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed firmware release
    as indicated in the following table:

    Cisco Product                                       First Fixed Release
    RV110W Wireless-N VPN Firewall                      1.2.2.8
    RV130 VPN Router                                    1.0.3.54
    RV130W Wireless-N Multifunction VPN Router          1.0.3.54
    RV215W Wireless-N VPN Router                        1.3.1.7

    To download the software from the Software Center on Cisco.com , do the
    following:

    RV110W and RV215W

     1. Click Browse all.
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN
        Router > Wireless Router Firmware .
     3. Choose a release from the left pane of the RV110W Wireless-N VPN
        Firewall or RV215W Wireless-N VPN Router page.

    RV130 and RV130W

     1. Click Browse all.
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV130 VPN Router or RV130W Wireless-N Multifunction VPN
        Router > Small Business Router Firmware .
     3. Choose a release from the left pane of the RV130 VPN Router or RV130W
        Wireless-N Multifunction VPN Router page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Gyengtak Kim, Jeongun Baek, and Sanghyuk Lee of
    GeekPwn for reporting this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-rce-AQKREqp

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco RV110W, RV130, RV130W, and RV215W Routers Management Interface Remote
Command Execution Multiple Vulnerabilities

Priority:        High

Advisory ID:     cisco-sa-rv-rce-m4FEEGWX

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available

CVE-2020-3145    
CVE-2020-3146    

CWE-119

CVSS Score:
8.8  AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X

Summary

  o Multiple vulnerabilities in the web-based management interface of the Cisco
    RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N
    Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an
    authenticated, remote attacker to execute arbitrary code on an affected
    device.

    The vulnerabilities are due to improper validation of user-supplied data in
    the web-based management interface. An attacker could exploit these
    vulnerabilities by sending malicious HTTP requests to a targeted device. A
    successful exploit could allow the attacker to execute arbitrary code on
    the underlying operating system of the affected device as a high-privilege
    user.

    Cisco has released software updates that address the vulnerabilities
    described in this advisory. There are no workarounds that address these
    vulnerabilities.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-rce-m4FEEGWX

Affected Products

  o Vulnerable Products

    These vulnerabilities affects all releases of the following Cisco products
    if they are running a vulnerable software release:

       RV110W Wireless-N VPN Firewall
       RV130 VPN Router
       RV130W Wireless-N Multifunction VPN Router
       RV215W Wireless-N VPN Router

    The web-based management interface of these devices is available through a
    local LAN connection or the remote management feature. By default, the
    remote management feature is disabled for these devices.

    To determine whether the remote management feature is enabled for a device,
    administrators can open the web-based management interface and choose Basic
    Settings > Remote Management . If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by these vulnerabilities.

Workarounds

  o There are no workarounds that address these vulnerabilities. Disabling the
    remote management feature, if not required, would help to reduce the attack
    surface of these vulnerabilities.

Fixed Software

  o Cisco has released free software updates that address the vulnerabilities
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed these vulnerabilities in the following firmware releases:

       RV110W Wireless-N VPN Firewall: 1.2.2.8
       RV130 VPN Router: 1.0.3.55
       RV130W Wireless-N Multifunction VPN Router: 1.0.3.55
       RV215W Wireless-N VPN Router: 1.3.1.7

    To download the software from the Software Center on Cisco.com, do the
    following:

    RV110W and RV215W

     1. Choose Browse All .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN
        Router > Wireless Router Firmware .
     3. Access releases by using the left pane of the RV110W Wireless-N VPN
        Firewall or RV215W Wireless-N VPN Router page.

    RV130

     1. Choose Browse All .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV130 VPN Router > Small Business Router Firmware .
     3. Access releases by using the left pane of the RV130 VPN Router page.

    RV130W

     1. Choose Browse All .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV130W Wireless-N Multifunction VPN Router > Small Business
        Router Firmware .
     3. Access releases by using the left pane of the RV130W Wireless-N
        Multifunction VPN Router page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerabilities that are
    described in this advisory.

Source

  o Cisco would like to thank Quentin Kaiser for reporting these
    vulnerabilities.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-rce-m4FEEGWX

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial
of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-sb-dos-ZN5GvNH7

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvu36544 

CVE-2020-3358    
CWE-20

Summary

  o A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco
    Small Business RV VPN Routers could allow an unauthenticated, remote
    attacker to cause the device to unexpectedly restart, causing a denial of
    service (DoS) condition.

    The vulnerability is due to a lack of proper input validation of HTTP
    requests. An attacker could exploit this vulnerability by sending a crafted
    HTTP request over an SSL connection to the targeted device. A successful
    exploit could allow the attacker to cause a reload, resulting in a DoS
    condition.

    Cisco has released software updates that address the vulnerability
    described in this advisory. There are no workarounds that address this
    vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-sb-dos-ZN5GvNH7

Affected Products

  o Vulnerable Products

    This vulnerability affects all releases of the following Cisco products if
    SSL VPN is configured on the device:

       RV340 Dual WAN Gigabit VPN Router
       RV340W Dual WAN Gigabit Wireless-AC VPN Router
       RV345 Dual WAN Gigabit VPN Router
       RV345P Dual WAN Gigabit POE VPN Router
    Determining if SSL VPN Is Configured
    The administrator can use the web-based utility to navigate to VPN > SSL
    VPN. If the radio button is clicked to On , the device is vulnerable.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    products:

       RV160 VPN Router
       RV160W Wireless-AC VPN Router
       RV260 VPN Router
       RV260P VPN Router with PoE
       RV260W Wireless-AC VPN Router

Workarounds

  o Disabling the SSL VPN configuration eliminates the attack vector for this
    vulnerability, and may be a suitable mitigation until the affected device
    can be upgraded. The administrator can use the web-based utility to
    navigate to VPN > SSL VPN and set the radio button to Off .

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in firmware release 1.0.03.18.

    To download the software from the Software Center on Cisco.com, click
    Browse All and navigate to Downloads Home > Routers > Small Business
    Routers > Small Business RV Series Routers .

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank 0x00string with exploitee.rs for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-sb-dos-ZN5GvNH7

Revision History

  o +---------+---------------------------+---------+--------+---------------+
    | Version |        Description        | Section | Status |     Date      |
    +---------+---------------------------+---------+--------+---------------+
    | 1.0     | Initial public release.   | -       | Final  | 2020-July-15  |
    +---------+---------------------------+---------+--------+---------------+

- --------------------------------------------------------------------------------

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote
Code Execution and Denial of Service Vulnerability

Priority:        High

Advisory ID:     cisco-sa-sb-rce-dos-9ZAjkx4

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvu36543 

CVE-2020-3357    
CWE-20

Summary

  o A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco
    Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN
    Routers could allow an unauthenticated, remote attacker to execute
    arbitrary code on an affected device or cause the device to reload,
    resulting in a denial of service (DoS) condition.

    The vulnerability exists because HTTP requests are not properly validated.
    An attacker could exploit this vulnerability by sending a crafted HTTP
    request over an SSL connection to an affected device. A successful exploit
    could allow the attacker to remotely execute arbitrary code on the device
    or cause the device to reload, resulting in a DoS condition.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-sb-rce-dos-9ZAjkx4

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco Small Business Routers if
    they are running a firmware release earlier than Release 1.0.03.18 and have
    the SSL VPN configured:

       RV340 Dual WAN Gigabit VPN Router
       RV340W Dual WAN Gigabit Wireless-AC VPN Router
       RV345 Dual WAN Gigabit VPN Router
       RV345P Dual WAN Gigabit POE VPN Router

    Determine the SSL VPN Configuration

    To determine whether the SSL VPN is configured, administrators can use the
    web-based utility and choose VPN > SSL VPN . If the radio button is clicked
    to On , the device is vulnerable.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco Small Business Routers:

       RV160 VPN Router
       RV160W Wireless-AC VPN Router
       RV260 VPN Router
       RV260P VPN Router with POE
       RV260W Wireless-AC VPN Router

Workarounds

  o There are no workarounds that address this vulnerability. However,
    disabling the SSL VPN eliminates the attack vector for this vulnerable and
    maybe a suitable mitigation until the affected device can be upgraded. To
    disable the SSL VPN, administrators can use the web-based utility, choose
    VPN > SSL VPN, and set the radio button to Off .

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Cisco fixed this vulnerability in Cisco RV340, RV340W, RV345, and RV345P
    Routers firmware releases 1.0.03.18 and later.

    To download the software from the Software Center on Cisco.com , do the
    following:

     1. Click Browse all .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers .
     3. Choose the appropriate router.
     4. Choose Small Business Router Firmware .
     5. Choose a release from the left pane of the product page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank 0x00string of exploitee.rs for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-sb-rce-dos-9ZAjkx4

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Small Business RV110W and RV215W Series Routers Information Disclosure
Vulnerability

Priority:        Medium

Advisory ID:     cisco-sa-rv-info-dis-FEWBWgsD

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvr96267 CSCvr96274

CVE-2020-3150    
CWE-285

CVSS Score:
5.9  AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Small
    Business RV110W and RV215W Series Routers could allow an unauthenticated,
    remote attacker to download sensitive information from the device, which
    could include the device configuration.

    The vulnerability is due to improper authorization of an HTTP request. An
    attacker could exploit this vulnerability by accessing a specific URI on
    the web-based management interface of the router, but only after any valid
    user has opened a specific file on the device since the last reboot. A
    successful exploit would allow the attacker to view sensitive information,
    which should be restricted.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-info-dis-FEWBWgsD

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco
    Small Business Routers and firmware releases:

       RV110W Wireless-N VPN Firewall releases earlier than Release 1.2.2.8
       RV215W Wireless-N VPN Router releases earlier than Release 1.3.1.7

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    The web-based management interface of these devices is available through a
    local LAN connection or the remote management feature. By default, the
    remote management feature is disabled for these devices.

    To determine whether the remote management feature is enabled for a device,
    administrators can open the web-based management interface and choose Basic
    Settings > Remote Management . If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect Cisco Small
    Business RV130 VPN Routers or Cisco Small Business RV130W Wireless-N
    Multifunction VPN Routers.

Workarounds

  o There are no workarounds that address this vulnerability.

    However, disabling the remote management feature, if it is not required,
    would help to reduce the attack surface of this vulnerability.

Fixed Software

  o When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the following Cisco Small Business routers and
    firmware releases contained the fix for this vulnerability:

       RV110W Wireless-N VPN Firewall releases 1.2.2.8 and later
       RV215W Wireless-N VPN Router releases 1.3.1.7 and later

    See the Details section in the bug ID(s) at the top of this advisory for
    the most complete and current information.

    To download the software from the Software Center on Cisco.com , do the
    following:

     1. Click Browse all .
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN
        Router > Wireless Router Firmware .
     3. Choose a release from left pane.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Quentin Kaiser for reporting this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-rv-info-dis-FEWBWgsD

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------------------------------------------------------------

Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command
Shell Injection Vulnerability

Priority:        High

Advisory ID:     cisco-sa-cmd-shell-injection-9jOQn9Dy

First Published: 2020 July 15 16:00 GMT

Version 1.0:     Final

Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvs50846 CSCvs50849 CSCvs50853 

CVE-2020-3332    
CWE-78

CVSS Score:
8.1  AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X

Summary

  o A vulnerability in the web-based management interface of Cisco Small
    Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an
    authenticated, remote attacker to inject arbitrary shell commands that are
    executed by an affected device.

    The vulnerability is due to insufficient input validation of user-supplied
    data. An attacker could exploit this vulnerability by sending a crafted
    request to the web-based management interface of an affected device. A
    successful exploit could allow the attacker to execute arbitrary shell
    commands or scripts with root privileges on the affected device.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-cmd-shell-injection-9jOQn9Dy

Affected Products

  o Vulnerable Products

    This vulnerability affects the following Cisco Small Business Routers if
    they are running a vulnerable firmware release:

       RV110W Wireless-N VPN Firewall
       RV130 VPN Router
       RV130W Wireless-N Multifunction VPN Router
       RV215W Wireless-N VPN Router

    For information about which Cisco software releases are vulnerable, see the
    Fixed Software section of this advisory.

    The web-based management interface of these devices is available through a
    local LAN connection or the remote management feature. By default, the
    remote management feature is disabled for these devices.

    To determine whether the remote management feature is enabled for a device,
    administrators can open the web-based management interface and choose Basic
    Settings > Remote Management . If the Enable box is checked, remote
    management is enabled for the device.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o Cisco has released free software updates that address the vulnerability
    described in this advisory. Customers may only install and expect support
    for software versions and feature sets for which they have purchased a
    license. By installing, downloading, accessing, or otherwise using such
    software upgrades, customers agree to follow the terms of the Cisco
    software license: https://www.cisco.com/c/en/us/products/
    end-user-license-agreement.html

    Additionally, customers may only download software for which they have a
    valid license, procured from Cisco directly, or through a Cisco authorized
    reseller or partner. In most cases this will be a maintenance upgrade to
    software that was previously purchased. Free security software updates do
    not entitle customers to a new software license, additional software
    feature sets, or major revision upgrades.

    When considering software upgrades , customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page , to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service
    contract and customers who make purchases through third-party vendors but
    are unsuccessful in obtaining fixed software through their point of sale
    should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c
    /en/us/support/web/tsd-cisco-worldwide-contacts.html

    Customers should have the product serial number available and be prepared
    to provide the URL of this advisory as evidence of entitlement to a free
    upgrade.

    Fixed Releases

    Customers are advised to upgrade to an appropriate fixed firmware release
    as indicated in the following table:

    Cisco Product                                       First Fixed Release
    RV110W Wireless-N VPN Firewall                      1.2.2.8
    RV130 VPN Router                                    1.0.3.55
    RV130W Wireless-N Multifunction VPN Router          1.0.3.55
    RV215W Wireless-N VPN Router                        1.3.1.7

    To download the software from the Software Center on Cisco.com , do the
    following:

    RV110W and RV215W

     1. Click Browse all.
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV110W Wireless-N VPN Firewall or RV215W Wireless-N VPN
        Router > Wireless Router Firmware .
     3. Choose a release from the left pane of the RV110W Wireless-N VPN
        Firewall or RV215W Wireless-N VPN Router page.

    RV130 and RV130W

     1. Click Browse all.
     2. Choose Routers > Small Business Routers > Small Business RV Series
        Routers > RV130 VPN Router or RV130W Wireless-N Multifunction VPN
        Router > Small Business Router Firmware .
     3. Choose a release from the left pane of the RV130 VPN Router or RV130W
        Wireless-N Multifunction VPN Router page.

Exploitation and Public Announcements

  o The Cisco Product Security Incident Response Team (PSIRT) is not aware of
    any public announcements or malicious use of the vulnerability that is
    described in this advisory.

Source

  o Cisco would like to thank Larryxi of XDSEC for reporting this
    vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy . This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/
    cisco-sa-cmd-shell-injection-9jOQn9Dy

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2020-JUL-15  |
    +----------+---------------------------+----------+--------+--------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXw+6duNLKJtyKPYoAQiDCg//S93WwFT+wosVduVA8qjbg2LFCAmKjjNt
yqXRpL8yvXB1BN3xZORLwh3yF1to2IVSQFOnLoQ7uh6l450niGWIQ/wVYYNqs6It
+enAQ9W/RfOew3xbz6CWAOvFecMUJz/a3GPcqL57Yl/98uZs1SZSD2IzFwIMb5k6
TyXruWdoqkrOsfULWdgdUppY93D7mU226uJyQwQSYcHmIK80ygbDhpphyydmYwKc
xCHsT1xoCLaLlfb1khFrWjA5IW7r2sjraS77rQvDObg7FTbE7qe8/BHMxOWHObP9
9j0UQ3z6cLjPOkaFWbZ4F7ELPTirfSFAhUmCK5zZEk2ZZLYNnrBM6XviyhD2z28Q
7hsIMKOdhh+jmm71lTQgbTaNIldOWPiDShyjtxDK9neIgQGpk02OfJq7rrU952t8
p5uupBF6mxbbX6hbfxooqsprPQr3LQv5+JSdofRhgHcf+mXyGbUcd3yTEczFdTGt
J8FlMkSKyxWI+nDd7rnsMpl6p3ANxP5yDE0vI1l9JGpCQa6tLvmR3JuMOakyhl4F
EXn6OXubO0d12sCmrZ0a9J0oHP1PniVXgPaRKMRORuwxcwzdvF0k3jbESa1qx8px
8YerTJOC/FM4+IL9HQKhvjxw03on4NjIGd83o7Bz/xc3fQoelows7SKw2Bsi8zgf
2GRoDwxb7Jo=
=MsvN
-----END PGP SIGNATURE-----