
=====================================================================

                           CERT-Renater

               Information Note No. 2014/VULN060
_____________________________________________________________________

DATE                : 06/03/2014

HARDWARE PLATFORM(S): Cisco RV110W Wireless-N VPN Firewall,
                      Cisco RV215W Wireless-N VPN Router,
                      Cisco CVR100W Wireless-N VPN Router.

OPERATING SYSTEM(S): Cisco Small Business Router firmware.

======================================================================
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd
______________________________________________________________________

Cisco Security Advisory: Cisco Small Business Router Password Disclosure
Vulnerability

Advisory ID: cisco-sa-20140305-rpd

Revision 1.0

For Public Release 2014 March 5 16:00 UTC (GMT)

+---------------------------------------------------------------------


Summary
=======


A vulnerability in the web management interface of the Cisco RV110W
Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and
the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated,
remote attacker to gain administrative-level access to the web
management interface of the affected device.

The vulnerability is due to improper handling of authentication
requests by the web framework. An attacker could exploit this
vulnerability by intercepting, modifying and resubmitting an
authentication request. Successful exploitation of this vulnerability
could give an attacker administrative-level access to the web-based
administration interface on the affected device.

Cisco has released free software updates that address this
vulnerability. There are currently no known workarounds that mitigate
this vulnerability. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140305-rpd

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================
