CERTFR-2021-AVI-642
Vulnerability from certfr_avis
A vulnerability has been discovered in Cisco products. It allows an attacker to cause remote arbitrary code execution and a remote denial of service.
Note: This vulnerability affects the UPnP (Universal Plug-and-Play) service. By default, the service is enabled only on interfaces associated with the local network and is disabled on external interfaces.
Solution
The affected products are no longer maintained by the vendor and will therefore not receive a fix.
CERT-FR strongly recommends replacing this equipment.
Temporary workaround
Disable the UPnP service via the administration interface ('Basic Settings' / 'UPnP' menu, check the 'Disabled' boxes).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RV110W Wireless-N VPN Firewalls",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "RV130W Wireless-N Multifunction VPN Routers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "RV215W Wireless-N VPN Routers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "RV130 VPN Routers",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\n\u003cu\u003eLes produits affect\u00e9s ne sont plus maintenus par l\u0027\u00e9diteur et ne\ndisposeront donc pas de correctif.\u003c/u\u003e\n\nLe CERT-FR recommande fortement de proc\u00e9der au remplacement de ces\n\u00e9quipements.\n\n## Contournement provisoire\n\nD\u00e9sactiver le service *UPnP via* l\u0027interface d\u0027administration (menu\n\u0027Basic Settings\u0027 / \u0027UPnP\u0027, cocher les cases \u0027Disabled\u0027).\n",
"cves": [
{
"name": "CVE-2021-34730",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34730"
}
],
"initial_release_date": "2021-08-19T00:00:00",
"last_revision_date": "2021-08-19T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-642",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Cisco. Elle permet\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance\net un d\u00e9ni de service \u00e0 distance.\n\n\u003cu\u003eNote :\u003c/u\u003e Cette vuln\u00e9rabilit\u00e9 affecte le service *UPnP* (*Universal\nPlug-and-Play*). Par d\u00e9faut, le service est activ\u00e9 uniquement sur les\ninterfaces associ\u00e9es au r\u00e9seau local et est d\u00e9sactiv\u00e9 sur les interfaces\nexternes.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cisco-sb-rv-overflow-htpymMB5 du 18 ao\u00fbt 2021",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.