CVE-2023-20124 - OpenCVE

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Rv042 Firmware Rv016 Firmware Rv042 Rv042g Rv320 Rv082 Firmware Rv016 Rv042g Firmware Rv082 Rv325 Firmware Rv320 Firmware Rv325

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:cisco:rv320_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:cisco:rv325_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-04-05T00:00:00

Updated: 2023-04-05T00:00:00

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20124

JSON object: View

NVD Information

Status : Modified

Published: 2023-04-05T18:15:07.590

Modified: 2023-11-07T04:06:07.280

Link: CVE-2023-20124

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20124", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2023-04-05T00:00:00", "dateReserved": "2022-10-27T00:00:00", "datePublished": "2023-04-05T00:00:00"}, "containers": {"cna": {"title": "Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability", "datePublic": "2023-04-05T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-04-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability."}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware ", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230405 Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Remote Command Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77", "cweId": "CWE-77"}]}], "source": {"advisory": "cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD", "defect": [["CSCwe67655", "CSCwe67659"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC05438-3064-4FB6-9177-9EA60C8E250C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*", "matchCriteriaId": "701E3CF5-15C0-419A-97A8-9BD2C55D74AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5A39236-B032-46BB-94D0-3E0E3E557BC0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DCBB2D8-AACF-45EA-B9D4-DAECC7C792D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E699C11F-3C7C-420D-9243-5CD2A6B98EF2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1CD7D9C-DDEF-4DF0-BCFB-A45301AE2C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EF65E38-D812-4F6E-903C-05E203F3E9F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FC4446-22C0-4EC9-84B4-A76412680105", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0C17C5F-4EB7-4859-8127-AE027A72CB2C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*", "matchCriteriaId": "7596F6D4-10DA-4F29-95AD-75B60F4670D6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv325_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "69F1C458-0EF3-4AD6-9055-355711F3751E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*", "matchCriteriaId": "3435D601-EDA8-49FF-8841-EA6DF1518C75", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability."}], "id": "CVE-2023-20124", "lastModified": "2023-11-07T04:06:07.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-04-05T18:15:07.590", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}