{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-036.pdf"
    },
    "title": "Critical Cisco Vulnerabilities",
    "serial_number": "2020-036",
    "publish_date": "16-07-2020 10:06:00",
    "description": "Cisco released 31 Security Advisories for vulnerabilities affecting its products. Five of them are rated critical with CVSS Score 9.8. In particular, critical vulnerabilities affect: telnet service of firewall routers (CVE-2020-3330), web-based management interface of routers (CVE-2020-3323, CVE-2020-3144, and CVE-2020-3331), and web management interface of Cisco Prime License Manager (PLM) software (CVE-2020-3140).",
    "url_title": "2020-036",
    "content_markdown": "---\ntitle: 'Critical Cisco Vulnerabilities'\nversion: '1.0'\nnumber: '2020-036'\ndate: 'July 16, 2020'\n---\n\n_History:_\n\n* _16/07/2020 --- v1.0 -- Initial publication_\n\n# Summary\n\nCisco released 31 Security Advisories for vulnerabilities affecting its products. Five of them are rated **critical** with **CVSS Score 9.8**. In particular, critical vulnerabilities affect: telnet service of firewall routers (CVE-2020-3330), web-based management interface of routers (CVE-2020-3323, CVE-2020-3144, and CVE-2020-3331), and web management interface of Cisco Prime License Manager (PLM) software (CVE-2020-3140) [1].\n\n# Technical Details\n\nWe present here on the details of the critical vulnerabilities. Additional information may be found in [1].\n\n**CVE-2020-3330**\n\nThe vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device [2].\n\n**CVE-2020-3323**\n\nThe vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device [3].\n\n**CVE-2020-3144**\n\nThe vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device [4].\n\n**CVE-2020-3331**\n\nThe vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the `root` user [5].\n\n**CVE-2020-3140**\n\nThe vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability [6].  \n\n# Products Affected\n\nThese vulnerabilities affect several products:\n\n* RV110W Wireless-N VPN Firewall (CVE-2020-3323, CVE-2020-3144), and releases earlier than Release 1.2.2.8 (CVE-2020-3331)\n* RV130 VPN Router (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144)\n* RV130W Wireless-N Multifunction VPN Router (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144)\n* RV215W Wireless-N VPN Router (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144), and releases earlier than Release 1.3.1.7. (CVE-2020-3331)\n* Cisco Prime License Manager 10.5(2)SU9 and earlier (CVE-2020-3140)\n* Cisco Prime License Manager 11.5(1)SU6 and earlier (CVE-2020-3140)\n\n# Recommendations\n\nCisco has released software updates that address these vulnerabilities. **CERT-EU strongly advises applying available patches [1] as soon as possible**.\n\n## Workarounds\n\n* For vulnerabilities identified by CVE-2020-3330, CVE-2020-3140, and CVE-2020-3331 there are no workarounds that address these vulnerabilities.\n* For vulnerabilities identified by CVE-2020-3144 and CVE-2020-3323, there are also no workarounds. However, disabling the remote management feature (if it is not required) would help to reduce the attack surface.\n\n# References\n\n[1] <https://tools.cisco.com/security/center/publicationListing.x>\n\n[2] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy>\n\n[3] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp>\n\n[4] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ>\n\n[5] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb>\n\n[6] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>16/07/2020 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>Cisco released 31 Security Advisories for vulnerabilities affecting its products. Five of them are rated <strong>critical</strong> with <strong>CVSS Score 9.8</strong>. In particular, critical vulnerabilities affect: telnet service of firewall routers (CVE-2020-3330), web-based management interface of routers (CVE-2020-3323, CVE-2020-3144, and CVE-2020-3331), and web management interface of Cisco Prime License Manager (PLM) software (CVE-2020-3140) [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>We present here on the details of the critical vulnerabilities. Additional information may be found in [1].</p><p><strong>CVE-2020-3330</strong></p><p>The vulnerability exists because a system account has a default and static password. An attacker could exploit this vulnerability by using this default account to connect to the affected system. A successful exploit could allow the attacker to gain full control of an affected device [2].</p><p><strong>CVE-2020-3323</strong></p><p>The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device [3].</p><p><strong>CVE-2020-3144</strong></p><p>The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device [4].</p><p><strong>CVE-2020-3331</strong></p><p>The vulnerability is due to improper validation of user-supplied input data by the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the <code>root</code> user [5].</p><p><strong>CVE-2020-3140</strong></p><p>The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability [6]. </p><h2 id=\"products-affected\">Products Affected</h2><p>These vulnerabilities affect several products:</p><ul><li>RV110W Wireless-N VPN Firewall (CVE-2020-3323, CVE-2020-3144), and releases earlier than Release 1.2.2.8 (CVE-2020-3331)</li><li>RV130 VPN Router (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144)</li><li>RV130W Wireless-N Multifunction VPN Router (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144)</li><li>RV215W Wireless-N VPN Router (CVE-2020-3330, CVE-2020-3323, CVE-2020-3144), and releases earlier than Release 1.3.1.7. (CVE-2020-3331)</li><li>Cisco Prime License Manager 10.5(2)SU9 and earlier (CVE-2020-3140)</li><li>Cisco Prime License Manager 11.5(1)SU6 and earlier (CVE-2020-3140)</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>Cisco has released software updates that address these vulnerabilities. <strong>CERT-EU strongly advises applying available patches [1] as soon as possible</strong>.</p><h3 id=\"workarounds\">Workarounds</h3><ul><li>For vulnerabilities identified by CVE-2020-3330, CVE-2020-3140, and CVE-2020-3331 there are no workarounds that address these vulnerabilities.</li><li>For vulnerabilities identified by CVE-2020-3144 and CVE-2020-3323, there are also no workarounds. However, disabling the remote management feature (if it is not required) would help to reduce the attack surface.</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/publicationListing.x\">https://tools.cisco.com/security/center/publicationListing.x</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv110w-static-cred-BMTWBWTy</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-code-exec-wH3BNFb</a></p><p>[6] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}