ID

VAR-202007-0997


CVE

CVE-2020-3144


TITLE

Authentication vulnerabilities in multiple Cisco RV series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008400

DESCRIPTION

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative privileges on an affected device. The vulnerability is due to improper session management on affected devices. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to gain administrative access on the affected device. Multiple Cisco RV series routers contain an authentication vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.71

sources: NVD: CVE-2020-3144 // JVNDB: JVNDB-2020-008400 // VULMON: CVE-2020-3144

AFFECTED PRODUCTS

vendor: cisco, model: rv110w, scope: lt, version: 1.2.2.8

Trust: 1.0

vendor: cisco, model: rv215w, scope: lt, version: 1.3.1.7

Trust: 1.0

vendor: cisco, model: rv130w, scope: lt, version: 1.0.3.55

Trust: 1.0

vendor: cisco, model: rv130, scope: lt, version: 1.0.3.55

Trust: 1.0

vendor: cisco, model: rv110w wireless-n vpn firewall, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv130w wireless-n multifunction vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv215w wireless-n vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv130 vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008400 // NVD: CVE-2020-3144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3144
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3144
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008400
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1143
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-3144
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3144
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008400
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-3144
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3144
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008400
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-3144 // JVNDB: JVNDB-2020-008400 // CNNVD: CNNVD-202007-1143 // NVD: CVE-2020-3144 // NVD: CVE-2020-3144

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.8

problemtype: CWE-284

Trust: 1.0

sources: JVNDB: JVNDB-2020-008400 // NVD: CVE-2020-3144

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1143

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1143

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008400

PATCH

title: cisco-sa-rv-auth-bypass-cGv9EruZ
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-auth-bypass-cGv9EruZ

Trust: 0.8

title: Multiple Cisco Product Authorization Issue Vulnerability Fixing Measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124927

Trust: 0.6

title: The Register
url: https://www.theregister.co.uk/2020/07/16/cisco_patches_july/

Trust: 0.2

title: Cisco: Cisco RV110W, RV130, RV130W, and RV215W Routers Authentication Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-auth-bypass-cGv9EruZ

Trust: 0.1

sources: VULMON: CVE-2020-3144 // JVNDB: JVNDB-2020-008400 // CNNVD: CNNVD-202007-1143

EXTERNAL IDS

db: NVD, id: CVE-2020-3144

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008400

Trust: 0.8

db: AUSCERT, id: ESB-2020.2417

Trust: 0.6

db: NSFOCUS, id: 48352

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1143

Trust: 0.6

db: VULMON, id: CVE-2020-3144

Trust: 0.1

sources: VULMON: CVE-2020-3144 // JVNDB: JVNDB-2020-008400 // CNNVD: CNNVD-202007-1143 // NVD: CVE-2020-3144

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-auth-bypass-cgv9eruz

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-3144

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3144

Trust: 0.8

url: https://www.auscert.org.au/bulletins/esb-2020.2417/

Trust: 0.6

url: http://www.nsfocus.net/vulndb/48352

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-3144 // JVNDB: JVNDB-2020-008400 // CNNVD: CNNVD-202007-1143 // NVD: CVE-2020-3144

SOURCES

db: VULMON, id: CVE-2020-3144
db: JVNDB, id: JVNDB-2020-008400
db: CNNVD, id: CNNVD-202007-1143
db: NVD, id: CVE-2020-3144

LAST UPDATE DATE

2024-11-23T21:59:08.770000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-3144, date: 2020-07-23T00:00:00
db: JVNDB, id: JVNDB-2020-008400, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202007-1143, date: 2020-09-03T00:00:00
db: NVD, id: CVE-2020-3144, date: 2024-11-21T05:30:25.007

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-3144, date: 2020-07-16T00:00:00
db: JVNDB, id: JVNDB-2020-008400, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202007-1143, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-3144, date: 2020-07-16T18:15:16.487