ID

VAR-202301-0962


CVE

CVE-2023-20025


TITLE

Cisco Small Business RV042  Input Validation Vulnerability in Series Routers

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // VULMON: CVE-2023-20025

AFFECTED PRODUCTS

vendor:ciscomodel:rv016scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv082scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:rv016 multi-wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042g dual gigabit wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv082 dual wan vpnscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // NVD: CVE-2023-20025

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20025
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20025
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-20025
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202301-943
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2023-20025
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20025
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2023-20025
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025 // NVD: CVE-2023-20025

PROBLEMTYPE DATA

problemtype:CWE-293

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // NVD: CVE-2023-20025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-943

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-943

PATCH

title:cisco-sa-sbr042-multi-vuln-ej76Pke5url:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

Trust: 0.8

title:Cisco Small Business RV016 Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=223494

Trust: 0.6

title:Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbr042-multi-vuln-ej76Pke5

Trust: 0.1

sources: VULMON: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943

EXTERNAL IDS

db:NVDid:CVE-2023-20025

Trust: 3.3

db:JVNDBid:JVNDB-2023-002344

Trust: 0.8

db:AUSCERTid:ESB-2023.0171

Trust: 0.6

db:CNNVDid:CNNVD-202301-943

Trust: 0.6

db:VULMONid:CVE-2023-20025

Trust: 0.1

sources: VULMON: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20025

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0171

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20025/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025

SOURCES

db:VULMONid:CVE-2023-20025
db:JVNDBid:JVNDB-2023-002344
db:CNNVDid:CNNVD-202301-943
db:NVDid:CVE-2023-20025

LAST UPDATE DATE

2024-08-14T13:52:50.402000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-20025date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002344date:2023-07-05T07:35:00
db:CNNVDid:CNNVD-202301-943date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20025date:2024-01-25T17:15:25.523

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-20025date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002344date:2023-07-05T00:00:00
db:CNNVDid:CNNVD-202301-943date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20025date:2023-01-20T07:15:14.490