CVE-2023-20026

A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*

History

25 Jan 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-20 07:15

Updated : 2024-02-04 23:14

NVD link : CVE-2023-20026

Mitre link : CVE-2023-20026

CVE.ORG link : CVE-2023-20026

JSON object : View

Products Affected

cisco

rv042g
rv042
rv082_firmware
rv042g_firmware
rv082
rv016_firmware
rv016
rv042_firmware

CWE

CWE-20

Improper Input Validation

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2023-20026", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.2}]}, "published": "2023-01-20T07:15:14.813", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5", "tags": ["Mitigation", "Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r\n"}], "lastModified": "2024-01-25T17:15:25.637", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCC05438-3064-4FB6-9177-9EA60C8E250C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "701E3CF5-15C0-419A-97A8-9BD2C55D74AB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A39236-B032-46BB-94D0-3E0E3E557BC0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DCBB2D8-AACF-45EA-B9D4-DAECC7C792D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E699C11F-3C7C-420D-9243-5CD2A6B98EF2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1CD7D9C-DDEF-4DF0-BCFB-A45301AE2C10"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF65E38-D812-4F6E-903C-05E203F3E9F6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "24FC4446-22C0-4EC9-84B4-A76412680105"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}