ID

VAR-202304-0150


CVE

CVE-2023-20150


TITLE

Cross-site scripting vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2023-006865

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2023-20150 // JVNDB: JVNDB-2023-006865 // VULMON: CVE-2023-20150

AFFECTED PRODUCTS

vendor:ciscomodel:rv082scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv016scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:rv016 multi-wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv325 dual gigabit wan vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv320 dual gigabit wan vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv082 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042g dual gigabit wan vpnscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-006865 // NVD: CVE-2023-20150

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20150
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20150
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20150
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202304-286
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-20150
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2023-20150
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-006865 // CNNVD: CNNVD-202304-286 // NVD: CVE-2023-20150 // NVD: CVE-2023-20150

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-006865 // NVD: CVE-2023-20150

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-286

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-286

PATCH

title:cisco-sa-rv-stored-xss-vqz7gC8Wurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W

Trust: 0.8

title:Cisco Small Business Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=233384

Trust: 0.6

title:Cisco: Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-stored-xss-vqz7gC8W

Trust: 0.1

sources: VULMON: CVE-2023-20150 // JVNDB: JVNDB-2023-006865 // CNNVD: CNNVD-202304-286

EXTERNAL IDS

db:NVDid:CVE-2023-20150

Trust: 3.3

db:JVNDBid:JVNDB-2023-006865

Trust: 0.8

db:AUSCERTid:ESB-2023.2020

Trust: 0.6

db:CNNVDid:CNNVD-202304-286

Trust: 0.6

db:VULMONid:CVE-2023-20150

Trust: 0.1

sources: VULMON: CVE-2023-20150 // JVNDB: JVNDB-2023-006865 // CNNVD: CNNVD-202304-286 // NVD: CVE-2023-20150

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-vqz7gc8w

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20150

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-20150/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2020

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20150 // JVNDB: JVNDB-2023-006865 // CNNVD: CNNVD-202304-286 // NVD: CVE-2023-20150

SOURCES

db:VULMONid:CVE-2023-20150
db:JVNDBid:JVNDB-2023-006865
db:CNNVDid:CNNVD-202304-286
db:NVDid:CVE-2023-20150

LAST UPDATE DATE

2024-08-14T13:20:54.097000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-20150date:2023-04-06T00:00:00
db:JVNDBid:JVNDB-2023-006865date:2023-11-16T07:21:00
db:CNNVDid:CNNVD-202304-286date:2023-04-14T00:00:00
db:NVDid:CVE-2023-20150date:2023-11-07T04:06:15.010

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-20150date:2023-04-05T00:00:00
db:JVNDBid:JVNDB-2023-006865date:2023-11-16T00:00:00
db:CNNVDid:CNNVD-202304-286date:2023-04-05T00:00:00
db:NVDid:CVE-2023-20150date:2023-04-05T19:15:09.317