CVE-2023-20026

Published Jan 20, 2023

Last updated 19 days ago

CVSS medium 6.5

Overview

Description: A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.
Source: psirt@cisco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@cisco.com: CWE-77
nvd@nist.gov: CWE-20

Hype score: Not currently trending

Cisco Small Business Routers Vulnerabilities (CVE-2023-20025 and CVE-2023-20026 and CVE-2023-20118) #Cisco #CiscoSmallBusinessRouter #CVE202320025 #CVE202320026 #CVE202320118 #CyberSecurity https://t.co/Bu3I1fbM1h https://t.co/tyFIYvwMOh
@SystemTek_UK
8 Mar 2025
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv016_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCC05438-3064-4FB6-9177-9EA60C8E250C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "701E3CF5-15C0-419A-97A8-9BD2C55D74AB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv042_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5A39236-B032-46BB-94D0-3E0E3E557BC0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2DCBB2D8-AACF-45EA-B9D4-DAECC7C792D1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv042g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E699C11F-3C7C-420D-9243-5CD2A6B98EF2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F1CD7D9C-DDEF-4DF0-BCFB-A45301AE2C10"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:rv082_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EF65E38-D812-4F6E-903C-05E203F3E9F6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "24FC4446-22C0-4EC9-84B4-A76412680105"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References