RVS4000 v1 V.1.3.3.5 potential vulnerabilities

Unanswered Question
Nov 10th, 2013
User Badges:

I just learned of netalyzr from berkeley that helps identify network issues.

http://netalyzr.icsi.berkeley.edu/index.html

I ran it on my internal network (pretty nice) and recieved the output that follows..regarding my RVS4000

I am running firmware version V1.3.3.5

I'm interested in how to resolve the potential vulnerabilities reported:

CVE-2012-5958

CVE-2012-5959

At the very least I'd like to make the engineers aware of the possibility...

-K

---------------------------------------------------------------------------

output from netalyzr...

10.0.0.1: this device provided a valid device description via its UPnP URL. This description, viewable

here, contains the following information about this gateway:

  • Name: Cisco VPN Router
  • Manufacturer: Cisco Systems.
  • Manufacturer URL: http://www.cisco.com
  • Model name: 4-Port Gigabit Security Router with VPN
  • Model number: RVS4000
  • Model URL: http://www.cisco.com
  • Model Description: Cisco VPN Router

This device appears to run "Linux/2.4.27-star, UPnP/1.0, Intel SDK for UPnP devices /1.2". This system may be vulnerable to

CVE-2012-5958

and

CVE-2012-5959

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.