ID

VAR-202301-0961


CVE

CVE-2023-20026


TITLE

Input validation vulnerability in Cisco Small Business Routers RV042 series

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco Small Business Routers RV042 Series contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // VULMON: CVE-2023-20026

AFFECTED PRODUCTS

vendor: cisco | model: rv042g | scope: eq | version: -

Trust: 1.0

vendor: cisco | model: rv016 | scope: eq | version: -

Trust: 1.0

vendor: cisco | model: rv042 | scope: eq | version: -

Trust: 1.0

vendor: cisco | model: rv082 | scope: eq | version: -

Trust: 1.0

vendor: Cisco Systems | model: rv042 dual wan vpn | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: rv016 multi-wan vpn | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: rv042g dual gigabit wan vpn | scope: - | version: -

Trust: 0.8

vendor: Cisco Systems | model: rv082 dual wan vpn | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // NVD: CVE-2023-20026

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2023-20026
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-20026
value: HIGH

Trust: 1.0

NVD: CVE-2023-20026
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-947
value: HIGH

Trust: 0.6

psirt@cisco.com: CVE-2023-20026
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2023-20026
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-20026
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026 // NVD: CVE-2023-20026

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-77

Trust: 1.0

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002358 // NVD: CVE-2023-20026

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-947

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-947

PATCH

title: cisco-sa-sbr042-multi-vuln-ej76Pke5 | url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

Trust: 0.8

title: Fix for the Cisco Small Business RV016 input validation error vulnerability | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=223495

Trust: 0.6

title: Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbr042-multi-vuln-ej76Pke5

Trust: 0.1

sources: VULMON: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947

EXTERNAL IDS

db: NVD | id: CVE-2023-20026

Trust: 3.3

db: JVNDB | id: JVNDB-2023-002358

Trust: 0.8

db: AUSCERT | id: ESB-2023.0171

Trust: 0.6

db: CNNVD | id: CNNVD-202301-947

Trust: 0.6

db: VULMON | id: CVE-2023-20026

Trust: 0.1

sources: VULMON: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20026

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0171

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20026/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20026 // JVNDB: JVNDB-2023-002358 // CNNVD: CNNVD-202301-947 // NVD: CVE-2023-20026

SOURCES

db: VULMON | id: CVE-2023-20026
db: JVNDB | id: JVNDB-2023-002358
db: CNNVD | id: CNNVD-202301-947
db: NVD | id: CVE-2023-20026

LAST UPDATE DATE

2025-03-13T23:09:14.760000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2023-20026 | date: 2023-01-20T00:00:00
db: JVNDB | id: JVNDB-2023-002358 | date: 2023-07-07T02:23:00
db: CNNVD | id: CNNVD-202301-947 | date: 2023-02-02T00:00:00
db: NVD | id: CVE-2023-20026 | date: 2025-03-12T17:15:38.390

SOURCES RELEASE DATE

db: VULMON | id: CVE-2023-20026 | date: 2023-01-20T00:00:00
db: JVNDB | id: JVNDB-2023-002358 | date: 2023-07-07T00:00:00
db: CNNVD | id: CNNVD-202301-947 | date: 2023-01-12T00:00:00
db: NVD | id: CVE-2023-20026 | date: 2023-01-20T07:15:14.813