Details of VAR-202309-0548

ID

VAR-202309-0548

CVE

CVE-2023-20250

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device

Trust: 0.99

sources: NVD: CVE-2023-20250 // VULMON: CVE-2023-20250

AFFECTED PRODUCTS

vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.0.30	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.51	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.1.6	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.1.4	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.2.99	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.0.14	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.0.15	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.52	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.1.5	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.0.8	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.45	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.2.1	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.22	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.16	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.0.21	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.2.7	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.28	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.1.7	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.0.7	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.0.9	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.14	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.0.4	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.0.21	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.1.99	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.2.8	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.44	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.0.14	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.1.7	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.0.99	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.2.5	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.1.3	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.1.0.6	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.1.0.9	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.22	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.0.8	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.16	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.51	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.0.10	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.0.99	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.1.4	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.0.7	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.2.4	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.1.1	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.1.1	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.0.15	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.52	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.0.2	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.0.21	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.0.10	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.1.99	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.2.99	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.0.8	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.1.6	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.45	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.1.0.5	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.1.4	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.1.7	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.2.5	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.2.7	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.1.0.6	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.0.8	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.1.7	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.1.0.5	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.14	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.2.4	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.28	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.1.1	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.1.1	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.0.2	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.0.9	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.2.8	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.0.10	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.1.6	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.1.4	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.22	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.0.99	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.16	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.0.30	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.44	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.51	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.0.7	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.1.0.5	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.1.3	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.1.1	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.1.0.9	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.0.21	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.1.99	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.28	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.0.99	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.1.4	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.0.15	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.0.9	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.0.8	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.2.1	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.1.5	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.1.7	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.2.5	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.1.0.6	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.2.99	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.0.8	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.2.7	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.44	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.1.5	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.2.4	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.1.1	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.1.3	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.0.4	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.1.0.9	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.1.1	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.0.2	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.0.14	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.1.7	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.0.10	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.1.6	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.0.99	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.1.4	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.14	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.1.4	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.3.0.4	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.22	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.2.8	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.16	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.2.99	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.0.30	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.1.0.5	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.1.5	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.0.7	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.0.99	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.54	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.28	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.0.30	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.51	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.1.99	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.52	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.2.0.9	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.1.7	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.3.45	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.2.1	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.55	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.0.3.14	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.1.7	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.3.0.4	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.2.5	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.0.15	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.52	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.3.44	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.1.0.6	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.2.8	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.0.8	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.0.8	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.3.45	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.2.2.1	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.0.1.3	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.1.0.9	Trust: 1.0
vendor:	cisco	model:	rv215w	scope:	eq	version:	1.2.0.99	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.2.4	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.3.1.1	Trust: 1.0
vendor:	cisco	model:	rv130w	scope:	eq	version:	1.0.2.7	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.0.99	Trust: 1.0
vendor:	cisco	model:	rv110w	scope:	eq	version:	1.3.1.4	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.0.0.2	Trust: 1.0
vendor:	cisco	model:	rv130	scope:	eq	version:	1.2.0.14	Trust: 1.0

sources: NVD: CVE-2023-20250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-20250
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2023-20250
value:	MEDIUM
Trust: 1.0

nvd@nist.gov:	CVE-2023-20250
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
ykramarz@cisco.com:	CVE-2023-20250
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-20250 // NVD: CVE-2023-20250

PROBLEMTYPE DATA

problemtype:	CWE-121	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2023-20250

PATCH

title:

Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers Stack Overflow Vulnerability

url:

https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-rv-stack-SHYv2f5N

Trust: 0.1

sources: VULMON: CVE-2023-20250

EXTERNAL IDS

db:	NVD	id:	CVE-2023-20250	Trust: 1.1
db:	VULMON	id:	CVE-2023-20250	Trust: 0.1

sources: VULMON: CVE-2023-20250 // NVD: CVE-2023-20250

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-stack-shyv2f5n	Trust: 1.2
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-20250 // NVD: CVE-2023-20250

SOURCES

db:	VULMON	id:	CVE-2023-20250
db:	NVD	id:	CVE-2023-20250

LAST UPDATE DATE

2024-08-14T15:00:05.930000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-20250	date:	2023-09-07T00:00:00
db:	NVD	id:	CVE-2023-20250	date:	2024-01-25T17:15:41.117

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-20250	date:	2023-09-06T00:00:00
db:	NVD	id:	CVE-2023-20250	date:	2023-09-06T17:15:50.100