Sign-up

ID

VAR-202301-0961


CVE

CVE-2023-20026


TITLE

Cisco Small Business Routers RV042  Input validation vulnerability in series

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // VULMON: CVE-2023-20026

AFFECTED PRODUCTS

vendor:ciscomodel:rv082scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv016scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:rv042 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv016 multi-wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042g dual gigabit wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv082 dual wan vpnscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // NVD: CVE-2023-20026

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20026
value: HIGH

Trust: 1.8

ykramarz@cisco.com: CVE-2023-20026
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202301-947
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-20026
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026 // NVD: CVE-2023-20026

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // NVD: CVE-2023-20026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-947

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-947

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-20026

PATCH
title:cisco-sa-sbr042-multi-vuln-ej76Pke5url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5
Trust: 0.8
title:Cisco Small Business RV016 Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223495
Trust: 0.6
title:Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbr042-multi-vuln-ej76pke5
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20026 // 
            
            
            
            JVNDB: JVNDB-2023-002358 // 
            
            
            
            CNNVD: CNNVD-202301-947

EXTERNAL IDS
db:NVDid:CVE-2023-20026
Trust: 3.3
db:JVNDBid:JVNDB-2023-002358
Trust: 0.8
db:AUSCERTid:ESB-2023.0171
Trust: 0.6
db:CNNVDid:CNNVD-202301-947
Trust: 0.6
db:VULMONid:CVE-2023-20026
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20026 // 
            
            
            
            JVNDB: JVNDB-2023-002358 // 
            
            
            
            CNNVD: CNNVD-202301-947 // 
            
            
            
            NVD: CVE-2023-20026

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2023-20026
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2023.0171
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2023-20026/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20026 // 
            
            
            
            JVNDB: JVNDB-2023-002358 // 
            
            
            
            CNNVD: CNNVD-202301-947 // 
            
            
            
            NVD: CVE-2023-20026

SOURCES
db:VULMONid:CVE-2023-20026
db:JVNDBid:JVNDB-2023-002358
db:CNNVDid:CNNVD-202301-947
db:NVDid:CVE-2023-20026

LAST UPDATE DATE
2024-01-29T19:13:09.541000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-20026date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002358date:2023-07-07T02:23:00
db:CNNVDid:CNNVD-202301-947date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20026date:2024-01-25T17:15:25.637

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-20026date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002358date:2023-07-07T00:00:00
db:CNNVDid:CNNVD-202301-947date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20026date:2023-01-20T07:15:14.813