ID

VAR-202007-1020


CVE

CVE-2020-3323


TITLE

Buffer error vulnerability in multiple Cisco Small Business RV series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008406

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. A buffer error vulnerability exists in multiple Cisco Small Business RV series routers. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-3323 // JVNDB: JVNDB-2020-008406

AFFECTED PRODUCTS

vendor: cisco, model: rv110w wireless-n vpn firewall, scope: lt, version: 1.2.2.8

Trust: 1.0

vendor: cisco, model: rv130w wireless-n multifunction vpn router, scope: lt, version: 1.0.3.54

Trust: 1.0

vendor: cisco, model: rv130 vpn router, scope: lt, version: 1.0.3.54

Trust: 1.0

vendor: cisco, model: rv215w wireless-n vpn router, scope: lt, version: 1.3.1.7

Trust: 1.0

vendor: cisco, model: rv110w wireless-n vpn firewall, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv130w wireless-n multifunction vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv215w wireless-n vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv130 vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008406 // NVD: CVE-2020-3323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3323
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3323
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008406
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1149
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2020-3323
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008406
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-3323
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3323
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008406
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149 // NVD: CVE-2020-3323 // NVD: CVE-2020-3323

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-20

Trust: 1.0

sources: JVNDB: JVNDB-2020-008406 // NVD: CVE-2020-3323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1149

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1149

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008406

PATCH

title: cisco-sa-rv-rce-AQKREqp, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp

Trust: 0.8

title: Multiple Cisco Product Buffer Error Vulnerability Fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124599

Trust: 0.6

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149

EXTERNAL IDS

db: NVD, id: CVE-2020-3323

Trust: 2.4

db: JVNDB, id: JVNDB-2020-008406

Trust: 0.8

db: AUSCERT, id: ESB-2020.2417

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1149

Trust: 0.6

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149 // NVD: CVE-2020-3323

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-aqkreqp

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-3323

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3323

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2020.2417/

Trust: 0.6

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149 // NVD: CVE-2020-3323

SOURCES

db: JVNDB, id: JVNDB-2020-008406
db: CNNVD, id: CNNVD-202007-1149
db: NVD, id: CVE-2020-3323

LAST UPDATE DATE

2024-08-14T13:24:23.009000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-008406, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202007-1149, date: 2021-08-09T00:00:00
db: NVD, id: CVE-2020-3323, date: 2021-08-06T18:43:18.420

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-008406, date: 2020-09-11T00:00:00
db: CNNVD, id: CNNVD-202007-1149, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-3323, date: 2020-07-16T18:15:17.157