ID

VAR-202007-1023


CVE

CVE-2020-3332


TITLE

OS command injection vulnerabilities in multiple Cisco Small Business RV Series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008341

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. The vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts with root privileges on the affected device.

Trust: 1.71

sources: NVD: CVE-2020-3332 // JVNDB: JVNDB-2020-008341 // VULMON: CVE-2020-3332

AFFECTED PRODUCTS

vendor: cisco, model: rv110w wireless-n vpn firewall, scope: lt, version: 1.2.2.8

Trust: 1.0

vendor: cisco, model: rv130w wireless-n multifunction vpn router, scope: lt, version: 1.0.3.55

Trust: 1.0

vendor: cisco, model: rv215w wireless-n vpn router, scope: lt, version: 1.3.1.7

Trust: 1.0

vendor: cisco, model: rv130 vpn router, scope: lt, version: 1.0.3.55

Trust: 1.0

vendor: cisco, model: rv130w wireless-n multifunction vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv110w wireless-n vpn firewall, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv130 vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv215w wireless-n vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008341 // NVD: CVE-2020-3332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3332
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3332
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008341
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1077
value: HIGH

Trust: 0.6

VULMON: CVE-2020-3332
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3332
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-008341
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-3332
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3332
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-008341
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-3332 // JVNDB: JVNDB-2020-008341 // CNNVD: CNNVD-202007-1077 // NVD: CVE-2020-3332 // NVD: CVE-2020-3332

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2020-008341 // NVD: CVE-2020-3332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1077

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202007-1077

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-008341

PATCH

title: cisco-sa-cmd-shell-injection-9jOQn9Dy
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmd-shell-injection-9jOQn9Dy

Trust: 0.8

title: Multiple Cisco Product operating system command injection vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=124154

Trust: 0.6

title: Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers Command Shell Injection Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-cmd-shell-injection-9jOQn9Dy

Trust: 0.1

sources: VULMON: CVE-2020-3332 // JVNDB: JVNDB-2020-008341 // CNNVD: CNNVD-202007-1077

EXTERNAL IDS

db: NVD, id: CVE-2020-3332

Trust: 2.5

db: JVNDB, id: JVNDB-2020-008341

Trust: 0.8

db: AUSCERT, id: ESB-2020.2417

Trust: 0.6

db: NSFOCUS, id: 48358

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1077

Trust: 0.6

db: VULMON, id: CVE-2020-3332

Trust: 0.1

sources: VULMON: CVE-2020-3332 // JVNDB: JVNDB-2020-008341 // CNNVD: CNNVD-202007-1077 // NVD: CVE-2020-3332

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cmd-shell-injection-9joqn9dy

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-3332

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3332

Trust: 0.8

url:http://www.nsfocus.net/vulndb/48358

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2417/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-3332 // JVNDB: JVNDB-2020-008341 // CNNVD: CNNVD-202007-1077 // NVD: CVE-2020-3332

SOURCES

db: VULMON, id: CVE-2020-3332
db: JVNDB, id: JVNDB-2020-008341
db: CNNVD, id: CNNVD-202007-1077
db: NVD, id: CVE-2020-3332

LAST UPDATE DATE

2024-11-23T21:59:08.724000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-3332, date: 2020-07-23T00:00:00
db: JVNDB, id: JVNDB-2020-008341, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1077, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-3332, date: 2024-11-21T05:30:49.170

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-3332, date: 2020-07-16T00:00:00
db: JVNDB, id: JVNDB-2020-008341, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1077, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-3332, date: 2020-07-16T18:15:17.457