Details of VAR-202007-1016

ID

VAR-202007-1016

CVE

CVE-2020-3150

TITLE

Cisco Small Business RV110W and RV215W Unauthorized authentication vulnerabilities in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008403

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing a specific URI on the web-based management interface of the router, but only after any valid user has opened a specific file on the device since the last reboot. A successful exploit would allow the attacker to view sensitive information, which should be restricted. Cisco Small Business RV110W Wireless-N VPN Firewall Routers is a VPN router of the US Cisco (Cisco). Cisco Small Business RV110W Wireless-N VPN Firewall versions prior to 1.2.2.8 and RV215W Wireless-N VPN Router versions prior to 1.3.1.7 have authorization issues in the Web management interface

Trust: 2.25

sources: NVD: CVE-2020-3150 // JVNDB: JVNDB-2020-008403 // CNVD: CNVD-2020-44623 // VULMON: CVE-2020-3150

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-44623

AFFECTED PRODUCTS

vendor:	cisco	model:	rv110w	scope:	lt	version:	1.2.2.8	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	lt	version:	1.3.1.7	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	small business rv110w wireless-n vpn firewall	scope:	lt	version:	1.2.2.8	Trust: 0.6
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	lt	version:	1.3.1.7	Trust: 0.6

sources: CNVD: CNVD-2020-44623 // JVNDB: JVNDB-2020-008403 // NVD: CVE-2020-3150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3150
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3150
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-008403
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2020-44623
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202007-1050
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-3150
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3150
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-008403
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-44623
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2020-3150
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3150
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-008403
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-44623 // VULMON: CVE-2020-3150 // JVNDB: JVNDB-2020-008403 // CNNVD: CNNVD-202007-1050 // NVD: CVE-2020-3150 // NVD: CVE-2020-3150

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.8
problemtype:	CWE-285	Trust: 1.0

sources: JVNDB: JVNDB-2020-008403 // NVD: CVE-2020-3150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1050

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202007-1050

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008403

PATCH

title:	cisco-sa-rv-info-dis-FEWBWgsD	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-info-dis-FEWBWgsD	Trust: 0.8
title:	Patch for Cisco Small Business RV110W Wireless-N VPN Firewall and RV215W Wireless-N VPN Router authorization issue vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/227879	Trust: 0.6
title:	Cisco Small Business RV110W and RV215W Series Routers Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124127	Trust: 0.6
title:	Cisco: Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-info-dis-FEWBWgsD	Trust: 0.1

sources: CNVD: CNVD-2020-44623 // VULMON: CVE-2020-3150 // JVNDB: JVNDB-2020-008403 // CNNVD: CNNVD-202007-1050

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3150	Trust: 3.1
db:	JVNDB	id:	JVNDB-2020-008403	Trust: 0.8
db:	CNVD	id:	CNVD-2020-44623	Trust: 0.6
db:	NSFOCUS	id:	47677	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2417	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1050	Trust: 0.6
db:	VULMON	id:	CVE-2020-3150	Trust: 0.1

sources: CNVD: CNVD-2020-44623 // VULMON: CVE-2020-3150 // JVNDB: JVNDB-2020-008403 // CNNVD: CNNVD-202007-1050 // NVD: CVE-2020-3150

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-info-dis-fewbwgsd	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3150	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3150	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47677	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2417/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2020-44623 // VULMON: CVE-2020-3150 // JVNDB: JVNDB-2020-008403 // CNNVD: CNNVD-202007-1050 // NVD: CVE-2020-3150

SOURCES

db:	CNVD	id:	CNVD-2020-44623
db:	VULMON	id:	CVE-2020-3150
db:	JVNDB	id:	JVNDB-2020-008403
db:	CNNVD	id:	CNNVD-202007-1050
db:	NVD	id:	CVE-2020-3150

LAST UPDATE DATE

2024-11-23T21:59:08.800000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-44623	date:	2020-08-06T00:00:00
db:	VULMON	id:	CVE-2020-3150	date:	2020-07-22T00:00:00
db:	JVNDB	id:	JVNDB-2020-008403	date:	2020-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202007-1050	date:	2020-08-12T00:00:00
db:	NVD	id:	CVE-2020-3150	date:	2024-11-21T05:30:25.813

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-44623	date:	2020-07-31T00:00:00
db:	VULMON	id:	CVE-2020-3150	date:	2020-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2020-008403	date:	2020-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202007-1050	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-3150	date:	2020-07-16T18:15:16.817