ID

VAR-202301-0980


CVE

CVE-2023-20007


TITLE

plural  Cisco  In the product  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-002308

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition. plural Cisco The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20007 // JVNDB: JVNDB-2023-002308 // VULMON: CVE-2023-20007

AFFECTED PRODUCTS

vendor:ciscomodel:rv345scope:ltversion:1.0.03.29

Trust: 1.0

vendor:ciscomodel:rv345pscope:ltversion:1.0.03.29

Trust: 1.0

vendor:ciscomodel:rv340wscope:ltversion:1.0.03.29

Trust: 1.0

vendor:ciscomodel:rv340scope:ltversion:1.0.03.29

Trust: 1.0

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn ルータscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002308 // NVD: CVE-2023-20007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20007
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20007
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20007
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-1005
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-20007
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20007
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-20007
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002308 // CNNVD: CNNVD-202301-1005 // NVD: CVE-2023-20007 // NVD: CVE-2023-20007

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002308 // NVD: CVE-2023-20007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1005

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202301-1005

PATCH

title:cisco-sa-sb-rv-rcedos-7HjP74jDurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD

Trust: 0.8

title:Cisco Small Business RV340 and RV345 Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=223273

Trust: 0.6

title:Cisco: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-rv-rcedos-7HjP74jD

Trust: 0.1

sources: VULMON: CVE-2023-20007 // JVNDB: JVNDB-2023-002308 // CNNVD: CNNVD-202301-1005

EXTERNAL IDS

db:NVDid:CVE-2023-20007

Trust: 3.3

db:JVNDBid:JVNDB-2023-002308

Trust: 0.8

db:AUSCERTid:ESB-2023.0172

Trust: 0.6

db:CNNVDid:CNNVD-202301-1005

Trust: 0.6

db:VULMONid:CVE-2023-20007

Trust: 0.1

sources: VULMON: CVE-2023-20007 // JVNDB: JVNDB-2023-002308 // CNNVD: CNNVD-202301-1005 // NVD: CVE-2023-20007

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-rcedos-7hjp74jd

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20007

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0172

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20007/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20007 // JVNDB: JVNDB-2023-002308 // CNNVD: CNNVD-202301-1005 // NVD: CVE-2023-20007

SOURCES

db:VULMONid:CVE-2023-20007
db:JVNDBid:JVNDB-2023-002308
db:CNNVDid:CNNVD-202301-1005
db:NVDid:CVE-2023-20007

LAST UPDATE DATE

2024-08-14T15:16:17.891000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-20007date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002308date:2023-07-05T01:11:00
db:CNNVDid:CNNVD-202301-1005date:2023-02-01T00:00:00
db:NVDid:CVE-2023-20007date:2024-01-25T17:15:24.170

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-20007date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002308date:2023-07-05T00:00:00
db:CNNVDid:CNNVD-202301-1005date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20007date:2023-01-20T07:15:12.757