CVE-2015-6397
high
CVSS v3
8.8
CVSS v2
9.0
VIR risk
8.8
Description
Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160803-rv110_130w2
- http://www.securityfocus.com/bid/92273
- http://www.securitytracker.com/id/1036524
CWEs
CWE-287