Sign-up

ID

VAR-202006-1113


CVE

CVE-2020-3268


TITLE

plural Cisco RV Buffer error vulnerability in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-006869

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States. There are command injection vulnerabilities in many Cisco products. The vulnerability stems from the web interface's failure to properly verify the input submitted by the user

Trust: 2.16

sources: NVD: CVE-2020-3268 // JVNDB: JVNDB-2020-006869 // CNVD: CNVD-2020-35164

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-35164

AFFECTED PRODUCTS

vendor:ciscomodel:rv110wscope:lteversion:1.2.2.5

Trust: 1.0

vendor:ciscomodel:rv130wscope:lteversion:1.0.3.54

Trust: 1.0

vendor:ciscomodel:rv130scope:lteversion:1.0.3.54

Trust: 1.0

vendor:ciscomodel:rv215wscope:lteversion:1.3.1.5

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerrscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv215w wireless-n vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv130 vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:small business rv110w wireless-n vpn firewallscope:lteversion:<=1.2.2.5

Trust: 0.6

vendor:ciscomodel:small business rv130 vpn routerscope:lteversion:<=1.0.3.54

Trust: 0.6

vendor:ciscomodel:small business rv130w wireless-n multifunction vpn routerscope:lteversion:<=1.0.3.54

Trust: 0.6

vendor:ciscomodel:small business rv215w wireless-n vpn routerscope:lteversion:<=1.3.1.5

Trust: 0.6

sources: CNVD: CNVD-2020-35164 // JVNDB: JVNDB-2020-006869 // NVD: CVE-2020-3268

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3268
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3268
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-006869
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-35164
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202006-1154
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-3268
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-006869
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-35164
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3268
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3268
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-006869
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-35164 // JVNDB: JVNDB-2020-006869 // CNNVD: CNNVD-202006-1154 // NVD: CVE-2020-3268 // NVD: CVE-2020-3268

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2020-006869 // NVD: CVE-2020-3268

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1154

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-1154

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-006869

PATCH
title:cisco-sa-rv-routers-injection-tWC7krKQurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ
Trust: 0.8
title:Patch for Multiple Cisco product command injection vulnerabilities (CNVD-2020-35164)url:https://www.cnvd.org.cn/patchInfo/show/223627
Trust: 0.6
title:Multiple Cisco Product Command Injection Vulnerability Fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122551
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-35164 // 
            
            
            
            JVNDB: JVNDB-2020-006869 // 
            
            
            
            CNNVD: CNNVD-202006-1154

EXTERNAL IDS
db:NVDid:CVE-2020-3268
Trust: 3.0
db:JVNDBid:JVNDB-2020-006869
Trust: 0.8
db:CNVDid:CNVD-2020-35164
Trust: 0.6
db:AUSCERTid:ESB-2020.2119
Trust: 0.6
db:CNNVDid:CNNVD-202006-1154
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-35164 // 
            
            
            
            JVNDB: JVNDB-2020-006869 // 
            
            
            
            CNNVD: CNNVD-202006-1154 // 
            
            
            
            NVD: CVE-2020-3268

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-injection-twc7krkq
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-3268
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3268
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2119/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-35164 // 
            
            
            
            JVNDB: JVNDB-2020-006869 // 
            
            
            
            CNNVD: CNNVD-202006-1154 // 
            
            
            
            NVD: CVE-2020-3268

CREDITS
Kai Cheng
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-1154

SOURCES
db:CNVDid:CNVD-2020-35164
db:JVNDBid:JVNDB-2020-006869
db:CNNVDid:CNNVD-202006-1154
db:NVDid:CVE-2020-3268

LAST UPDATE DATE
2024-11-23T21:35:43.641000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-35164date:2020-06-30T00:00:00
db:JVNDBid:JVNDB-2020-006869date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1154date:2020-06-29T00:00:00
db:NVDid:CVE-2020-3268date:2024-11-21T05:30:41.707

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-35164date:2020-06-30T00:00:00
db:JVNDBid:JVNDB-2020-006869date:2020-07-22T00:00:00
db:CNNVDid:CNNVD-202006-1154date:2020-06-17T00:00:00
db:NVDid:CVE-2020-3268date:2020-06-18T03:15:11.963