CVE-2015-6319
Low
CVSS Score
Vulnerability Description
SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID CSCuv29574.
Known Affected Software
13 configuration(s) from 2 vendor(s)
- rv_series_router_firmware, Version: 1.2.0.2, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.2.0.2:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.2.6, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.2.6:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.1.9, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.1.9:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.0.2, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.2:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.6.6, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.6.6:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.3.10, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.3.10:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.4.10, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.10:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.5.8, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.8:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.1.0.9, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.1.0.9:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.4.14, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.4.14:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.0.30, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.0.30:*:*:*:*:*:*:*
- rv_series_router_firmware, Version: 1.0.5.6, CPE: cpe:2.3:o:cisco:rv_series_router_firmware:1.0.5.6:*:*:*:*:*:*:*
- opensolaris, Version: snv_124, CPE: cpe:2.3:o:sun:opensolaris:snv_124:*:*:*:*:*:*:*
This vulnerability affects 13 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 (source: psirt@cisco.com) Vendor Advisory
- http://www.securitytracker.com/id/1034830 (source: psirt@cisco.com)
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220 (source: af854a3a-2127-422b-91ae-364da2661108) Vendor Advisory
- http://www.securitytracker.com/id/1034830 (source: af854a3a-2127-422b-91ae-364da2661108)
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-89
Top 25 #3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- Description: The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a…
- Exploit Likelihood: High
- Typical Severity: High
- OWASP Top 10: A03:2021-Injection
- Abstraction Level: Base
Key Information
- Published Date: January 27, 2016
