Details of VAR-202006-1114

ID

VAR-202006-1114

CVE

CVE-2020-3269

TITLE

plural Cisco RV Buffer error vulnerability in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-006870

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. plural Cisco RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco RV110W is a VPN firewall router from Cisco in the United States. There are buffer overflow vulnerabilities in the web management interface of many Cisco products. The vulnerability stems from the program's failure to properly limit user input boundaries

Trust: 2.16

sources: NVD: CVE-2020-3269 // JVNDB: JVNDB-2020-006870 // CNVD: CNVD-2020-35167

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-35167

AFFECTED PRODUCTS

vendor:	cisco	model:	rv110w	scope:	lte	version:	1.2.2.5	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	lte	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	lte	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	lte	version:	1.3.1.5	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv130w wireless-n multifunction vpn routerr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv130 vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv110w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv215w	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130w no	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	rv130	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2020-35167 // JVNDB: JVNDB-2020-006870 // NVD: CVE-2020-3269

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3269
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3269
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2020-006870
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2020-35167
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-1157
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-3269
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-006870
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-35167
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-3269
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3269
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-006870
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-35167 // JVNDB: JVNDB-2020-006870 // CNNVD: CNNVD-202006-1157 // NVD: CVE-2020-3269 // NVD: CVE-2020-3269

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-787	Trust: 1.0

sources: JVNDB: JVNDB-2020-006870 // NVD: CVE-2020-3269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1157

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202006-1157

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006870

PATCH

title:	cisco-sa-rv-routers-injection-tWC7krKQ	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-routers-injection-tWC7krKQ	Trust: 0.8
title:	Patch for Multiple Buffer Overflow Vulnerabilities in Cisco Products (CNVD-2020-35167)	url:	https://www.cnvd.org.cn/patchInfo/show/223607	Trust: 0.6
title:	Multiple Cisco Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=121850	Trust: 0.6

sources: CNVD: CNVD-2020-35167 // JVNDB: JVNDB-2020-006870 // CNNVD: CNNVD-202006-1157

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3269	Trust: 3.0
db:	JVNDB	id:	JVNDB-2020-006870	Trust: 0.8
db:	CNVD	id:	CNVD-2020-35167	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2119	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2119.2	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-1157	Trust: 0.6

sources: CNVD: CNVD-2020-35167 // JVNDB: JVNDB-2020-006870 // CNNVD: CNNVD-202006-1157 // NVD: CVE-2020-3269

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-routers-injection-twc7krkq	Trust: 2.8
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3269	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3269	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2119/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2119.2/	Trust: 0.6

sources: CNVD: CNVD-2020-35167 // JVNDB: JVNDB-2020-006870 // CNNVD: CNNVD-202006-1157 // NVD: CVE-2020-3269

CREDITS

Kai Cheng

Trust: 0.6

sources: CNNVD: CNNVD-202006-1157

SOURCES

db:	CNVD	id:	CNVD-2020-35167
db:	JVNDB	id:	JVNDB-2020-006870
db:	CNNVD	id:	CNNVD-202006-1157
db:	NVD	id:	CVE-2020-3269

LAST UPDATE DATE

2024-11-23T21:35:43.614000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-35167	date:	2020-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-006870	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1157	date:	2021-10-20T00:00:00
db:	NVD	id:	CVE-2020-3269	date:	2024-11-21T05:30:41.823

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-35167	date:	2020-06-30T00:00:00
db:	JVNDB	id:	JVNDB-2020-006870	date:	2020-07-22T00:00:00
db:	CNNVD	id:	CNNVD-202006-1157	date:	2020-06-17T00:00:00
db:	NVD	id:	CVE-2020-3269	date:	2020-06-18T03:15:12.073