ID

VAR-202301-0961


CVE

CVE-2023-20026


TITLE

Input validation vulnerability in Cisco Small Business Routers RV042 Series

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // VULMON: CVE-2023-20026

AFFECTED PRODUCTS

vendor: cisco
model: rv016
scope: eq
version: -

Trust: 1.0

vendor: cisco
model: rv082
scope: eq
version: -

Trust: 1.0

vendor: cisco
model: rv042g
scope: eq
version: -

Trust: 1.0

vendor: cisco
model: rv042
scope: eq
version: -

Trust: 1.0

vendor: Cisco Systems
model: rv042 dual wan vpn
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: rv016 multi-wan vpn
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: rv042g dual gigabit wan vpn
scope: -
version: -

Trust: 0.8

vendor: Cisco Systems
model: rv082 dual wan vpn
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // NVD: CVE-2023-20026

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20026
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20026
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20026
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-947
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-20026
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20026
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-20026
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026 // NVD: CVE-2023-20026

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.0

problemtype: CWE-20

Trust: 1.0

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // NVD: CVE-2023-20026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-947

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-947

PATCH

title: cisco-sa-sbr042-multi-vuln-ej76Pke5
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

Trust: 0.8

title: Fix for Cisco Small Business RV016 input validation error vulnerability
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=223495

Trust: 0.6

title: Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbr042-multi-vuln-ej76Pke5

Trust: 0.1

sources: VULMON: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947

EXTERNAL IDS

db: NVD | id: CVE-2023-20026

Trust: 3.3

db: JVNDB | id: JVNDB-2023-002358

Trust: 0.8

db: AUSCERT | id: ESB-2023.0171

Trust: 0.6

db: CNNVD | id: CNNVD-202301-947

Trust: 0.6

db: VULMON | id: CVE-2023-20026

Trust: 0.1

sources: VULMON: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20026

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0171

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20026/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026

SOURCES

db: VULMON | id: CVE-2023-20026
db: JVNDB | id: JVNDB-2023-002358
db: CNNVD | id: CNNVD-202301-947
db: NVD | id: CVE-2023-20026

LAST UPDATE DATE

2024-08-14T13:52:50.377000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2023-20026 | date: 2023-01-20T00:00:00
db: JVNDB | id: JVNDB-2023-002358 | date: 2023-07-07T02:23:00
db: CNNVD | id: CNNVD-202301-947 | date: 2023-02-02T00:00:00
db: NVD | id: CVE-2023-20026 | date: 2024-01-25T17:15:25.637

SOURCES RELEASE DATE

db: VULMON | id: CVE-2023-20026 | date: 2023-01-20T00:00:00
db: JVNDB | id: JVNDB-2023-002358 | date: 2023-07-07T00:00:00
db: CNNVD | id: CNNVD-202301-947 | date: 2023-01-12T00:00:00
db: NVD | id: CVE-2023-20026 | date: 2023-01-20T07:15:14.813