Sign-up

ID

VAR-202301-0962


CVE

CVE-2023-20025


TITLE

Cisco Small Business RV042  Input Validation Vulnerability in Series Routers

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // VULMON: CVE-2023-20025

AFFECTED PRODUCTS

vendor:ciscomodel:rv082scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv016scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:rv016 multi-wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042g dual gigabit wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv082 dual wan vpnscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // NVD: CVE-2023-20025

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20025
value: CRITICAL

Trust: 1.8

ykramarz@cisco.com: CVE-2023-20025
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202301-943
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-20025
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025 // NVD: CVE-2023-20025

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // NVD: CVE-2023-20025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-943

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-943

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-20025

PATCH
title:cisco-sa-sbr042-multi-vuln-ej76Pke5url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5
Trust: 0.8
title:Cisco Small Business RV016 Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223494
Trust: 0.6
title:Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbr042-multi-vuln-ej76pke5
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20025 // 
            
            
            
            JVNDB: JVNDB-2023-002344 // 
            
            
            
            CNNVD: CNNVD-202301-943

EXTERNAL IDS
db:NVDid:CVE-2023-20025
Trust: 3.3
db:JVNDBid:JVNDB-2023-002344
Trust: 0.8
db:AUSCERTid:ESB-2023.0171
Trust: 0.6
db:CNNVDid:CNNVD-202301-943
Trust: 0.6
db:VULMONid:CVE-2023-20025
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20025 // 
            
            
            
            JVNDB: JVNDB-2023-002344 // 
            
            
            
            CNNVD: CNNVD-202301-943 // 
            
            
            
            NVD: CVE-2023-20025

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2023-20025
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2023.0171
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2023-20025/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20025 // 
            
            
            
            JVNDB: JVNDB-2023-002344 // 
            
            
            
            CNNVD: CNNVD-202301-943 // 
            
            
            
            NVD: CVE-2023-20025

SOURCES
db:VULMONid:CVE-2023-20025
db:JVNDBid:JVNDB-2023-002344
db:CNNVDid:CNNVD-202301-943
db:NVDid:CVE-2023-20025

LAST UPDATE DATE
2024-01-29T19:13:09.565000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-20025date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002344date:2023-07-05T07:35:00
db:CNNVDid:CNNVD-202301-943date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20025date:2024-01-25T17:15:25.523

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-20025date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002344date:2023-07-05T00:00:00
db:CNNVDid:CNNVD-202301-943date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20025date:2023-01-20T07:15:14.490