CVE-2023-20026 - OpenCVE

A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Rv016 Rv016 Firmware Rv042 Rv042 Firmware Rv042g Rv042g Firmware Rv082 Rv082 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-01-19T01:33:26.928Z

Updated: 2024-08-02T08:57:35.554Z

Reserved: 2022-10-27T18:47:50.309Z

Link: CVE-2023-20026

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-20T07:15:14.813

Modified: 2024-01-25T17:15:25.637

Link: CVE-2023-20026

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20026", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.309Z", "datePublished": "2023-01-19T01:33:26.928Z", "dateUpdated": "2024-08-02T08:57:35.554Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:33.906Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r\n"}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "versions": [{"version": "1.0.00.29", "status": "affected"}, {"version": "1.0.00.33", "status": "affected"}, {"version": "1.0.01.16", "status": "affected"}, {"version": "1.0.01.17", "status": "affected"}, {"version": "1.0.01.18", "status": "affected"}, {"version": "1.0.01.20", "status": "affected"}, {"version": "1.0.02.16", "status": "affected"}, {"version": "1.0.03.15", "status": "affected"}, {"version": "1.0.03.16", "status": "affected"}, {"version": "1.0.03.17", "status": "affected"}, {"version": "1.0.03.18", "status": "affected"}, {"version": "1.0.03.19", "status": "affected"}, {"version": "1.0.03.20", "status": "affected"}, {"version": "1.0.03.21", "status": "affected"}, {"version": "1.0.03.22", "status": "affected"}, {"version": "1.0.03.24", "status": "affected"}, {"version": "1.0.03.26", "status": "affected"}, {"version": "1.0.03.27", "status": "affected"}, {"version": "1.0.03.28", "status": "affected"}, {"version": "1.0.03.29", "status": "affected"}, {"version": "2.0.0.19-tm", "status": "affected"}, {"version": "2.0.2.01-tm", "status": "affected"}, {"version": "1.3.12.19-tm", "status": "affected"}, {"version": "1.3.12.6-tm", "status": "affected"}, {"version": "1.3.13.02-tm", "status": "affected"}, {"version": "1.3.9.8-tm", "status": "affected"}, {"version": "4.0.0.7", "status": "affected"}, {"version": "4.0.2.08-tm", "status": "affected"}, {"version": "4.0.3.03-tm", "status": "affected"}, {"version": "4.0.4.02-tm", "status": "affected"}, {"version": "4.2.1.02", "status": "affected"}, {"version": "4.2.2.08", "status": "affected"}, {"version": "4.2.3.03", "status": "affected"}, {"version": "4.2.3.06", "status": "affected"}, {"version": "4.2.3.07", "status": "affected"}, {"version": "4.2.3.08", "status": "affected"}, {"version": "4.2.3.09", "status": "affected"}, {"version": "4.2.3.10", "status": "affected"}, {"version": "4.2.3.14", "status": "affected"}, {"version": "3.0.0.1-tm", "status": "affected"}, {"version": "3.0.0.19-tm", "status": "affected"}, {"version": "3.0.2.01-tm", "status": "affected"}, {"version": "4.1.1.01", "status": "affected"}, {"version": "4.1.0.02-tm", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "type": "cwe", "cweId": "CWE-77"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5", "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for vulnerabilities CVE-2023-20025 and CVE-2023-20026 that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-sbr042-multi-vuln-ej76Pke5", "discovery": "EXTERNAL", "defects": ["CSCwd60199"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.554Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5", "name": "cisco-sa-sbr042-multi-vuln-ej76Pke5", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCC05438-3064-4FB6-9177-9EA60C8E250C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*", "matchCriteriaId": "701E3CF5-15C0-419A-97A8-9BD2C55D74AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5A39236-B032-46BB-94D0-3E0E3E557BC0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DCBB2D8-AACF-45EA-B9D4-DAECC7C792D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E699C11F-3C7C-420D-9243-5CD2A6B98EF2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1CD7D9C-DDEF-4DF0-BCFB-A45301AE2C10", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EF65E38-D812-4F6E-903C-05E203F3E9F6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*", "matchCriteriaId": "24FC4446-22C0-4EC9-84B4-A76412680105", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device.\r\n\r This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.\r\n"}], "id": "CVE-2023-20026", "lastModified": "2024-01-25T17:15:25.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-01-20T07:15:14.813", "references": [{"source": "ykramarz@cisco.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}