Details of VAR-202007-1020

ID

VAR-202007-1020

CVE

CVE-2020-3323

TITLE

plural Cisco Small Business RV Buffer error vulnerability in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008406

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. plural Cisco Small Business RV A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3323 // JVNDB: JVNDB-2020-008406

AFFECTED PRODUCTS

vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	lt	version:	1.2.2.8	Trust: 1.0
vendor:	cisco	model:	rv130w wireless-n multifunction vpn router	scope:	lt	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv130 vpn router	scope:	lt	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	lt	version:	1.3.1.7	Trust: 1.0
vendor:	cisco	model:	rv110w wireless-n vpn firewall	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv130w wireless-n multifunction vpn routerr	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv215w wireless-n vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv130 vpn router	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-008406 // NVD: CVE-2020-3323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3323
value:	CRITICAL
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3323
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-008406
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202007-1149
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-3323
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008406
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-3323
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3323
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	JVNDB-2020-008406
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149 // NVD: CVE-2020-3323 // NVD: CVE-2020-3323

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-20	Trust: 1.0

sources: JVNDB: JVNDB-2020-008406 // NVD: CVE-2020-3323

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1149

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1149

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008406

PATCH

title:	cisco-sa-rv-rce-AQKREqp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-AQKREqp	Trust: 0.8
title:	Multiple Cisco Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124599	Trust: 0.6

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3323	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-008406	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2417	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1149	Trust: 0.6

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149 // NVD: CVE-2020-3323

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-rce-aqkreqp	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3323	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3323	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2020.2417/	Trust: 0.6

sources: JVNDB: JVNDB-2020-008406 // CNNVD: CNNVD-202007-1149 // NVD: CVE-2020-3323

SOURCES

db:	JVNDB	id:	JVNDB-2020-008406
db:	CNNVD	id:	CNNVD-202007-1149
db:	NVD	id:	CVE-2020-3323

LAST UPDATE DATE

2024-08-14T13:24:23.009000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-008406	date:	2020-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202007-1149	date:	2021-08-09T00:00:00
db:	NVD	id:	CVE-2020-3323	date:	2021-08-06T18:43:18.420

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-008406	date:	2020-09-11T00:00:00
db:	CNNVD	id:	CNNVD-202007-1149	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-3323	date:	2020-07-16T18:15:17.157