CVE-2023-20025 - OpenCVE

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Rv016 Rv016 Firmware Rv042 Rv042 Firmware Rv042g Rv042g Firmware Rv082 Rv082 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-01-19T01:33:39.023Z

Updated: 2024-08-02T08:57:35.838Z

Reserved: 2022-10-27T18:47:50.309Z

Link: CVE-2023-20025

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-20T07:15:14.490

Modified: 2024-01-25T17:15:25.523

Link: CVE-2023-20025

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20025", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.309Z", "datePublished": "2023-01-19T01:33:39.023Z", "dateUpdated": "2024-08-02T08:57:35.838Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:33.587Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.\r\n\r This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.\r\n"}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "versions": [{"version": "2.0.0.19-tm", "status": "affected"}, {"version": "2.0.2.01-tm", "status": "affected"}, {"version": "1.3.12.19-tm", "status": "affected"}, {"version": "1.3.12.6-tm", "status": "affected"}, {"version": "1.3.13.02-tm", "status": "affected"}, {"version": "1.3.9.8-tm", "status": "affected"}, {"version": "4.0.0.7", "status": "affected"}, {"version": "4.0.2.08-tm", "status": "affected"}, {"version": "4.0.3.03-tm", "status": "affected"}, {"version": "4.0.4.02-tm", "status": "affected"}, {"version": "4.2.1.02", "status": "affected"}, {"version": "4.2.2.08", "status": "affected"}, {"version": "4.2.3.03", "status": "affected"}, {"version": "4.2.3.06", "status": "affected"}, {"version": "4.2.3.07", "status": "affected"}, {"version": "4.2.3.08", "status": "affected"}, {"version": "4.2.3.09", "status": "affected"}, {"version": "4.2.3.10", "status": "affected"}, {"version": "4.2.3.14", "status": "affected"}, {"version": "3.0.0.1-tm", "status": "affected"}, {"version": "3.0.0.19-tm", "status": "affected"}, {"version": "3.0.2.01-tm", "status": "affected"}, {"version": "4.1.1.01", "status": "affected"}, {"version": "4.1.0.02-tm", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Using Referer Field for Authentication", "type": "cwe", "cweId": "CWE-293"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5", "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-sbr042-multi-vuln-ej76Pke5", "discovery": "EXTERNAL", "defects": ["CSCwd47551"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.838Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5", "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC05438-3064-4FB6-9177-9EA60C8E250C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*", "matchCriteriaId": "701E3CF5-15C0-419A-97A8-9BD2C55D74AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DCBB2D8-AACF-45EA-B9D4-DAECC7C792D1", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5A39236-B032-46BB-94D0-3E0E3E557BC0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1CD7D9C-DDEF-4DF0-BCFB-A45301AE2C10", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E699C11F-3C7C-420D-9243-5CD2A6B98EF2", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FC4446-22C0-4EC9-84B4-A76412680105", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EF65E38-D812-4F6E-903C-05E203F3E9F6", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.\r\n\r This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.\r\n"}], "id": "CVE-2023-20025", "lastModified": "2024-01-25T17:15:25.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-01-20T07:15:14.490", "references": [{"source": "ykramarz@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-293"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}