CVE-2023-20025

2023-01-1901:33:39

cisco

www.cve.org

cisco

small business

rv042 series routers

vulnerability

web-based management

authentication bypass

remote attacker

user input validation

http packets

root privileges

cve-2023-20025

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.003

Percentile

68.3%

JSON

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device.

This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Small Business RV Series Router Firmware",
    "versions": [
      {
        "version": "2.0.0.19-tm",
        "status": "affected"
      },
      {
        "version": "2.0.2.01-tm",
        "status": "affected"
      },
      {
        "version": "1.3.12.19-tm",
        "status": "affected"
      },
      {
        "version": "1.3.12.6-tm",
        "status": "affected"
      },
      {
        "version": "1.3.13.02-tm",
        "status": "affected"
      },
      {
        "version": "1.3.9.8-tm",
        "status": "affected"
      },
      {
        "version": "4.0.0.7",
        "status": "affected"
      },
      {
        "version": "4.0.2.08-tm",
        "status": "affected"
      },
      {
        "version": "4.0.3.03-tm",
        "status": "affected"
      },
      {
        "version": "4.0.4.02-tm",
        "status": "affected"
      },
      {
        "version": "4.2.1.02",
        "status": "affected"
      },
      {
        "version": "4.2.2.08",
        "status": "affected"
      },
      {
        "version": "4.2.3.03",
        "status": "affected"
      },
      {
        "version": "4.2.3.06",
        "status": "affected"
      },
      {
        "version": "4.2.3.07",
        "status": "affected"
      },
      {
        "version": "4.2.3.08",
        "status": "affected"
      },
      {
        "version": "4.2.3.09",
        "status": "affected"
      },
      {
        "version": "4.2.3.10",
        "status": "affected"
      },
      {
        "version": "4.2.3.14",
        "status": "affected"
      },
      {
        "version": "3.0.0.1-tm",
        "status": "affected"
      },
      {
        "version": "3.0.0.19-tm",
        "status": "affected"
      },
      {
        "version": "3.0.2.01-tm",
        "status": "affected"
      },
      {
        "version": "4.1.1.01",
        "status": "affected"
      },
      {
        "version": "4.1.0.02-tm",
        "status": "affected"
      }
    ]
  }
]