ID

VAR-202209-0516


CVE

CVE-2022-20923


TITLE

Authentication vulnerabilities in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018490

DESCRIPTION

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to the VPN from an affected device with crafted credentials. A successful exploit could allow the attacker to bypass authentication and access the IPSec VPN network. The attacker may obtain privileges that are the same level as an administrative user, depending on the crafted credentials that are used. Cisco has not released software updates that address this vulnerability. Cisco RV110W Wireless-N VPN Firewall firmware, RV130 VPN router firmware, Cisco RV130W Wireless-N Multifunction VPN Authentication vulnerabilities exist in multiple Cisco Systems products, including router firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2022-20923 // JVNDB: JVNDB-2022-018490

AFFECTED PRODUCTS

vendor:ciscomodel:rv110wscope:eqversion:1.3.1.7

Trust: 1.0

vendor:ciscomodel:rv215wscope:eqversion:1.0.3.55

Trust: 1.0

vendor:ciscomodel:rv110wscope:eqversion:1.0.3.55

Trust: 1.0

vendor:ciscomodel:rv215wscope:eqversion:1.3.1.7

Trust: 1.0

vendor:ciscomodel:rv130scope:eqversion:1.2.2.8

Trust: 1.0

vendor:ciscomodel:rv130scope:eqversion:1.3.1.7

Trust: 1.0

vendor:ciscomodel:rv130wscope:eqversion:1.2.2.8

Trust: 1.0

vendor:ciscomodel:rv130wscope:eqversion:1.3.1.7

Trust: 1.0

vendor:ciscomodel:rv130scope:eqversion:1.0.3.55

Trust: 1.0

vendor:ciscomodel:rv215wscope:eqversion:1.2.2.8

Trust: 1.0

vendor:ciscomodel:rv130wscope:eqversion:1.0.3.55

Trust: 1.0

vendor:ciscomodel:rv110wscope:eqversion:1.2.2.8

Trust: 1.0

vendor:シスコシステムズmodel:cisco rv215w wireless-n vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv110w wireless-n vpn firewallscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv130 vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv130w wireless-n multifunction vpn ルータscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018490 // NVD: CVE-2022-20923

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-20923
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20923
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-20923
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202209-420
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-20923
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2022-20923
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-20923
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018490 // CNNVD: CNNVD-202209-420 // NVD: CVE-2022-20923 // NVD: CVE-2022-20923

PROBLEMTYPE DATA

problemtype:CWE-303

Trust: 1.0

problemtype:CWE-287

Trust: 1.0

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018490 // NVD: CVE-2022-20923

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202209-420

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202209-420

PATCH

title:cisco-sa-sb-rv-vpnbypass-Cpheup9Ourl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O//

Trust: 0.8

title:Cisco Small Business Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=207487

Trust: 0.6

sources: JVNDB: JVNDB-2022-018490 // CNNVD: CNNVD-202209-420

EXTERNAL IDS

db:NVDid:CVE-2022-20923

Trust: 3.2

db:JVNDBid:JVNDB-2022-018490

Trust: 0.8

db:AUSCERTid:ESB-2022.4440

Trust: 0.6

db:CNNVDid:CNNVD-202209-420

Trust: 0.6

sources: JVNDB: JVNDB-2022-018490 // CNNVD: CNNVD-202209-420 // NVD: CVE-2022-20923

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-vpnbypass-cpheup9o

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-20923

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-20923/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4440

Trust: 0.6

sources: JVNDB: JVNDB-2022-018490 // CNNVD: CNNVD-202209-420 // NVD: CVE-2022-20923

SOURCES

db:JVNDBid:JVNDB-2022-018490
db:CNNVDid:CNNVD-202209-420
db:NVDid:CVE-2022-20923

LAST UPDATE DATE

2024-08-14T14:43:43.452000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2022-018490date:2023-10-20T03:11:00
db:CNNVDid:CNNVD-202209-420date:2022-09-14T00:00:00
db:NVDid:CVE-2022-20923date:2023-11-07T03:43:20.173

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2022-018490date:2023-10-20T00:00:00
db:CNNVDid:CNNVD-202209-420date:2022-09-07T00:00:00
db:NVDid:CVE-2022-20923date:2022-09-08T13:15:08.987