CISA Known Exploited Vulnerability

CVE-2019-1652

Cisco · Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers

Cisco Small Business Routers Improper Input Validation Vulnerability

Date added 2022-03-03

BOD 22-01 due date 2022-03-17

CWE CWE-20

Ransomware Unknown

CISA description

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2019-1652

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2019-1652
CVE.org · CVE-2019-1652
CISA KEV catalog (canonical)