Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-20026
HistoryJan 20, 2023 - 7:15 a.m.

CVE-2023-20026

2023-01-2007:15:14
CWE-20
CWE-77
[email protected]
web.nvd.nist.gov
4
cve-2023-20026
web-based management interface
remote attacker
arbitrary commands
user input validation
http packets
root-level privileges
administrator credentials

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON

A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device.

This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device.

Affected configurations

NVD
Node
ciscorv016_firmwareMatch-
AND
ciscorv016Match-
Node
ciscorv042_firmwareMatch-
AND
ciscorv042Match-
Node
ciscorv042g_firmwareMatch-
AND
ciscorv042gMatch-
Node
ciscorv082_firmwareMatch-
AND
ciscorv082Match-

Related

cvelist 1
cve 1
prion 1
hivepro 1
thn 1
cisco 1
nessus 1
cvelist
cvelist
CVE-2023-20026
2023-01-19 01:33:26
cve
cve
CVE-2023-20026
2023-01-20 07:15:14
prion
prion
Input validation
2023-01-20 07:15:00
hivepro
hivepro
Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution
2023-01-16 12:29:55
thn
thn
Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers
2023-01-14 04:11:00
cisco
cisco
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Vulnerabilities
2023-01-11 16:00:00
nessus
nessus
Cisco Small Business Routers Multiple Vulnerabilities (cisco-sa-sbr042-multi-vuln-ej76Pke5)
2023-03-27 00:00:00

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

34.4%

JSON
Related for NVD:CVE-2023-20026
cvelist1cve1prion1hivepro1thn1cisco1nessus1