CVE-2023-20025 Vulnerability Details

  /     /     /  

CVE-2023-20025 Metadata Quick Info

CVE Published: 19/01/2023 | CVE Updated: 28/10/2024 | CVE Year: 2023
Source: cisco | Vendor: Cisco | Product: Cisco Small Business RV Series Router Firmware
Status : PUBLISHED

CVE-2023-20025 Description

A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.

Metrics

CVSS Version: 3.1 | Base Score: 9 CRITICAL
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-293
CWE Name: Using Referer Field for Authentication
Source: Cisco

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: