Message-ID: <53179F04.9090906@brianmwaters.net>
Date: Wed, 05 Mar 2014 17:02:44 -0500
From: "Brian M. Waters" <brian@...anmwaters.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Cisco Security Advisory: Cisco Small Business
Router Password Disclosure Vulnerability
Great, just two days after I purchased one on the premise that this would
be less likely to happen to a "small business" router than a consumer one!
Thanks for being forthcoming,
BW
On 03/05/2014 11:28, Cisco Systems Product Security Incident Response
Team wrote:
> Cisco Security Advisory: Cisco Small Business Router Password
> Disclosure Vulnerability
>
> Advisory ID: cisco-sa-20140305-rpd
>
> Revision 1.0
>
> For Public Release 2014 March 5 16:00 UTC (GMT)
>
> +---------------------------------------------------------------------
>
> Summary
> =======
>
>
> A vulnerability in the web management interface of the Cisco RV110W
> Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router,
> and the Cisco CVR100W Wireless-N VPN Router could allow an
> unauthenticated, remote attacker to gain administrative-level
> access to the web management interface of the affected device.
>
> The vulnerability is due to improper handling of authentication
> requests by the web framework. An attacker could exploit this
> vulnerability by intercepting, modifying and resubmitting an
> authentication request. Successful exploitation of this
> vulnerability could give an attacker administrative-level access to
> the web-based administration interface on the affected device.
>
> Cisco has released free software updates that address this
> vulnerability. There are currently no known workarounds that
> mitigate this vulnerability. This advisory is available at the
> following link:
> http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd
>
>
>
> _______________________________________________ Full-Disclosure -
> We believe in it. Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html Hosted and
> sponsored by Secunia - http://secunia.com/
>
- --
Brian M. Waters
+1 (908) 380-8214
brian@...anmwaters.net