CVE-2023-20025 - OpenCVE

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Rv042 Firmware Rv016 Firmware Rv042 Rv042g Rv082 Firmware Rv016 Rv042g Firmware Rv082

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5	Mitigation Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-01-19T01:33:39.023Z

Updated: 2024-01-25T16:57:33.587Z

Reserved: 2022-10-27T18:47:50.309Z

Link: CVE-2023-20025

JSON object: View

NVD Information

Status : Modified

Published: 2023-01-20T07:15:14.490

Modified: 2024-01-25T17:15:25.523

Link: CVE-2023-20025

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-20025", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.309Z", "datePublished": "2023-01-19T01:33:39.023Z", "dateUpdated": "2024-01-25T16:57:33.587Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:33.587Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.\r\n\r This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.\r\n"}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "versions": [{"version": "2.0.0.19-tm", "status": "affected"}, {"version": "2.0.2.01-tm", "status": "affected"}, {"version": "1.3.12.19-tm", "status": "affected"}, {"version": "1.3.12.6-tm", "status": "affected"}, {"version": "1.3.13.02-tm", "status": "affected"}, {"version": "1.3.9.8-tm", "status": "affected"}, {"version": "4.0.0.7", "status": "affected"}, {"version": "4.0.2.08-tm", "status": "affected"}, {"version": "4.0.3.03-tm", "status": "affected"}, {"version": "4.0.4.02-tm", "status": "affected"}, {"version": "4.2.1.02", "status": "affected"}, {"version": "4.2.2.08", "status": "affected"}, {"version": "4.2.3.03", "status": "affected"}, {"version": "4.2.3.06", "status": "affected"}, {"version": "4.2.3.07", "status": "affected"}, {"version": "4.2.3.08", "status": "affected"}, {"version": "4.2.3.09", "status": "affected"}, {"version": "4.2.3.10", "status": "affected"}, {"version": "4.2.3.14", "status": "affected"}, {"version": "3.0.0.1-tm", "status": "affected"}, {"version": "3.0.0.19-tm", "status": "affected"}, {"version": "3.0.2.01-tm", "status": "affected"}, {"version": "4.1.1.01", "status": "affected"}, {"version": "4.1.0.02-tm", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Using Referer Field for Authentication", "type": "cwe", "cweId": "CWE-293"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5", "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-sbr042-multi-vuln-ej76Pke5", "discovery": "EXTERNAL", "defects": ["CSCwd47551"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC05438-3064-4FB6-9177-9EA60C8E250C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*", "matchCriteriaId": "701E3CF5-15C0-419A-97A8-9BD2C55D74AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5A39236-B032-46BB-94D0-3E0E3E557BC0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DCBB2D8-AACF-45EA-B9D4-DAECC7C792D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E699C11F-3C7C-420D-9243-5CD2A6B98EF2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1CD7D9C-DDEF-4DF0-BCFB-A45301AE2C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EF65E38-D812-4F6E-903C-05E203F3E9F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FC4446-22C0-4EC9-84B4-A76412680105", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.\r\n\r This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.\r\n"}], "id": "CVE-2023-20025", "lastModified": "2024-01-25T17:15:25.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-01-20T07:15:14.490", "references": [{"source": "ykramarz@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-293"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}