Details of VAR-202301-0962

ID

VAR-202301-0962

CVE

CVE-2023-20025

TITLE

Cisco Small Business RV042 Input Validation Vulnerability in Series Routers

Trust: 0.8

sources: JVNDB: JVNDB-2023-002344

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system. Cisco Small Business RV042 Series routers contain an input validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // VULMON: CVE-2023-20025

AFFECTED PRODUCTS

vendor:	cisco	model:	rv042g	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv016	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv042	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	rv082	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	rv016 multi-wan vpn	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv042 dual wan vpn	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv042g dual gigabit wan vpn	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv082 dual wan vpn	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // NVD: CVE-2023-20025

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2023-20025
value:	CRITICAL
Trust: 1.0
nvd@nist.gov:	CVE-2023-20025
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2023-20025
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202301-943
value:	CRITICAL
Trust: 0.6

psirt@cisco.com:	CVE-2023-20025
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	6.0
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-20025
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-20025
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025 // NVD: CVE-2023-20025

PROBLEMTYPE DATA

problemtype:	CWE-293	Trust: 1.0
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-002344 // NVD: CVE-2023-20025

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-943

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202301-943

PATCH

title:	cisco-sa-sbr042-multi-vuln-ej76Pke5	url:	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5	Trust: 0.8
title:	Cisco Small Business RV016 Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=223494	Trust: 0.6
title:	Cisco: Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sbr042-multi-vuln-ej76Pke5	Trust: 0.1

sources: VULMON: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943

EXTERNAL IDS

db:	NVD	id:	CVE-2023-20025	Trust: 3.3
db:	JVNDB	id:	JVNDB-2023-002344	Trust: 0.8
db:	AUSCERT	id:	ESB-2023.0171	Trust: 0.6
db:	CNNVD	id:	CNNVD-202301-943	Trust: 0.6
db:	VULMON	id:	CVE-2023-20025	Trust: 0.1

sources: VULMON: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sbr042-multi-vuln-ej76pke5	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-20025	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2023.0171	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2023-20025/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-20025 // JVNDB: JVNDB-2023-002344 // CNNVD: CNNVD-202301-943 // NVD: CVE-2023-20025

SOURCES

db:	VULMON	id:	CVE-2023-20025
db:	JVNDB	id:	JVNDB-2023-002344
db:	CNNVD	id:	CNNVD-202301-943
db:	NVD	id:	CVE-2023-20025

LAST UPDATE DATE

2025-03-13T23:09:14.786000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-20025	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002344	date:	2023-07-05T07:35:00
db:	CNNVD	id:	CNNVD-202301-943	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2023-20025	date:	2025-03-12T17:15:38.057

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-20025	date:	2023-01-20T00:00:00
db:	JVNDB	id:	JVNDB-2023-002344	date:	2023-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202301-943	date:	2023-01-12T00:00:00
db:	NVD	id:	CVE-2023-20025	date:	2023-01-20T07:15:14.490