Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
523
Views
0
Helpful
0
Replies

RVS4000 v1 V.1.3.3.5 potential vulnerabilities

kathey001
Level 1
Level 1

‎11-10-2013 11:20 AM

I just learned of netalyzr from berkeley that helps identify network issues.

http://netalyzr.icsi.berkeley.edu/index.html

I ran it on my internal network (pretty nice) and recieved the output that follows..regarding my RVS4000

I am running firmware version V1.3.3.5

I'm interested in how to resolve the potential vulnerabilities reported:

CVE-2012-5958

CVE-2012-5959

At the very least I'd like to make the engineers aware of the possibility...

-K

---------------------------------------------------------------------------

output from netalyzr...

10.0.0.1: this device provided a valid device description via its UPnP URL. This description, viewable

here, contains the following information about this gateway:

  • Name: Cisco VPN Router
  • Manufacturer: Cisco Systems.
  • Manufacturer URL: http://www.cisco.com
  • Model name: 4-Port Gigabit Security Router with VPN
  • Model number: RVS4000
  • Model URL: http://www.cisco.com
  • Model Description: Cisco VPN Router

This device appears to run "Linux/2.4.27-star, UPnP/1.0, Intel SDK for UPnP devices /1.2". This system may be vulnerable to

CVE-2012-5958

and

CVE-2012-5959

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents