cvelistv5 - CVE-2023-20073

CVE-2023-20073

Vulnerability from cvelistv5

Published

2023-04-05 00:00

Modified

2024-10-28 16:31

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS score ?

91.68% (0.99645)

Summary

References

▼	URL	Tags
	ykramarz@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V	Vendor Advisory

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Small Business RV Series Router Firmware	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T08:57:35.586Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20230202 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-20073",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-28T16:24:28.915280Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-28T16:31:07.204Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Cisco Small Business RV Series Router Firmware ",
               vendor: "Cisco",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2023-02-02T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",
            },
         ],
         exploits: [
            {
               lang: "en",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. ",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-434",
                     description: "CWE-434",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-05T00:00:00",
            orgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
            shortName: "cisco",
         },
         references: [
            {
               name: "20230202 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
            },
         ],
         source: {
            advisory: "cisco-sa-sb-rv-afu-EXxwA65V",
            defect: [
               [
                  "CSCwe04040",
               ],
            ],
            discovery: "INTERNAL",
         },
         title: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
      },
   },
   cveMetadata: {
      assignerOrgId: "d1c1063e-7a18-46af-9102-31f8928bc633",
      assignerShortName: "cisco",
      cveId: "CVE-2023-20073",
      datePublished: "2023-04-05T00:00:00",
      dateReserved: "2022-10-27T00:00:00",
      dateUpdated: "2024-10-28T16:31:07.204Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2023-20073\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-04-05T16:15:07.720\",\"lastModified\":\"2024-11-21T07:40:29.387\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.03.29\",\"matchCriteriaId\":\"D6DC9B66-238D-4E9C-A0D6-9AFD09549101\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A4411AC-2A74-4315-BA6B-D7E1AA538BDB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.03.29\",\"matchCriteriaId\":\"02D7BEBD-B700-452C-A2F1-70009217F42F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21E55019-F969-4ACD-A6C8-1D2EE05F8EE4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.03.29\",\"matchCriteriaId\":\"43A9B296-5632-49B9-8830-6C27EF1710A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E91E68B-CBE9-462E-82D4-6F588B8E84E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.03.29\",\"matchCriteriaId\":\"61989F1E-A4C9-450D-AF26-B2178108A260\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5120BAB7-FB3A-481E-9ECD-48341846AFBD\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
      vulnrichment: {
         containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V\", \"name\": \"20230202 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T08:57:35.586Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20073\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-28T16:24:28.915280Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-28T16:25:51.702Z\"}}], \"cna\": {\"title\": \"Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability\", \"source\": {\"defect\": [[\"CSCwe04040\"]], \"advisory\": \"cisco-sa-sb-rv-afu-EXxwA65V\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business RV Series Router Firmware \", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. \"}], \"datePublic\": \"2023-02-02T00:00:00\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V\", \"name\": \"20230202 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2023-04-05T00:00:00\"}}}",
         cveMetadata: "{\"cveId\": \"CVE-2023-20073\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-28T16:31:07.204Z\", \"dateReserved\": \"2022-10-27T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2023-04-05T00:00:00\", \"assignerShortName\": \"cisco\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}

cisco-sa-sb-rv-afu-exxwa65v

Vulnerability from csaf_cisco

Published

2023-02-01 16:00

Modified

2023-02-01 16:00

Summary

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

Notes

Summary

Vulnerable Products

At the time of publication, this vulnerability affected the following Cisco RV Series Small Business Routers if they were running firmware Release 1.0.03.29 or earlier: RV340 Dual WAN Gigabit VPN Routers RV340W Dual WAN Gigabit Wireless-AC VPN Routers RV345 Dual WAN Gigabit VPN Routers RV345P Dual WAN Gigabit POE VPN Routers See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. However, administrators can disable the affected component of the web-based management interface by logging in to the device and disabling the RESTCONF option under Firewall > Basic Settings. While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products: End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV340 and RV345 Series ["https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/small-business-rv340-rv345-series-eol.html"] When considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the new products will be sufficient for their network needs, that the new devices contain sufficient memory, and that current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank WangJincheng of X1cT34m Laboratory for reporting this vulnerability.

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            summary: "Cisco would like to thank WangJincheng of X1cT34m Laboratory for reporting this vulnerability.",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      notes: [
         {
            category: "summary",
            text: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\r\n\r\nThere are no workarounds that address this vulnerability.\r\n\r\n",
            title: "Summary",
         },
         {
            category: "general",
            text: "At the time of publication, this vulnerability affected the following Cisco RV Series Small Business Routers if they were running firmware Release 1.0.03.29 or earlier:\r\n\r\nRV340 Dual WAN Gigabit VPN Routers\r\nRV340W Dual WAN Gigabit Wireless-AC VPN Routers\r\nRV345 Dual WAN Gigabit VPN Routers\r\nRV345P Dual WAN Gigabit POE VPN Routers\r\n\r\nSee the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.",
            title: "Vulnerable Products",
         },
         {
            category: "general",
            text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.",
            title: "Products Confirmed Not Vulnerable",
         },
         {
            category: "general",
            text: "There are no workarounds that address this vulnerability. However, administrators can disable the affected component of the web-based management interface by logging in to the device and disabling the RESTCONF option under Firewall > Basic Settings.\r\n\r\nWhile this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
            title: "Workarounds",
         },
         {
            category: "general",
            text: "Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:\r\n\r\nEnd-of-Sale and End-of-Life Announcement for the Cisco Small Business RV340 and RV345 Series [\"https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/small-business-rv340-rv345-series-eol.html\"]\r\n\r\nWhen considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the new products will be sufficient for their network needs, that the new devices contain sufficient memory, and that current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
            title: "Fixed Software",
         },
         {
            category: "general",
            text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
            title: "Vulnerability Policy",
         },
         {
            category: "general",
            text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            title: "Exploitation and Public Announcements",
         },
         {
            category: "general",
            text: "Cisco would like to thank WangJincheng of X1cT34m Laboratory for reporting this vulnerability.",
            title: "Source",
         },
         {
            category: "legal_disclaimer",
            text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
            title: "Legal Disclaimer",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "psirt@cisco.com",
         issuing_authority: "Cisco PSIRT",
         name: "Cisco",
         namespace: "https://wwww.cisco.com",
      },
      references: [
         {
            category: "self",
            summary: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
         },
         {
            category: "external",
            summary: "Cisco Security Vulnerability Policy",
            url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
         },
         {
            category: "external",
            summary: "End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV340 and RV345 Series",
            url: "https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/small-business-rv340-rv345-series-eol.html",
         },
         {
            category: "external",
            summary: "Cisco Security Advisories page",
            url: "https://www.cisco.com/go/psirt",
         },
         {
            category: "external",
            summary: "Security Vulnerability Policy",
            url: "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html",
         },
      ],
      title: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
      tracking: {
         current_release_date: "2023-02-01T16:00:00+00:00",
         generator: {
            date: "2024-05-10T23:21:38+00:00",
            engine: {
               name: "TVCE",
            },
         },
         id: "cisco-sa-sb-rv-afu-EXxwA65V",
         initial_release_date: "2023-02-01T16:00:00+00:00",
         revision_history: [
            {
               date: "2023-02-01T15:56:07+00:00",
               number: "1.0.0",
               summary: "Initial public release.",
            },
         ],
         status: "final",
         version: "1.0.0",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_family",
                  name: "Cisco Small Business RV Series Router Firmware",
                  product: {
                     name: "Cisco Small Business RV Series Router Firmware ",
                     product_id: "CSAFPID-183630",
                  },
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-20073",
         ids: [
            {
               system_name: "Cisco Bug ID",
               text: "CSCwe04040",
            },
         ],
         notes: [
            {
               category: "other",
               text: "Complete.",
               title: "Affected Product Comprehensiveness",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-183630",
            ],
         },
         release_date: "2023-02-01T16:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               details: "Cisco has released software updates that address this vulnerability.",
               product_ids: [
                  "CSAFPID-183630",
               ],
               url: "https://software.cisco.com",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "CSAFPID-183630",
               ],
            },
         ],
         title: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
      },
   ],
}

cisco-sa-sb-rv-afu-EXxwA65V

Vulnerability from csaf_cisco

Published

2023-02-01 16:00

Modified

2023-02-01 16:00

Summary

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

Notes

Summary

Vulnerable Products

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by this vulnerability.

Workarounds

Fixed Software

Vulnerability Policy

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

Cisco would like to thank WangJincheng of X1cT34m Laboratory for reporting this vulnerability.

Legal Disclaimer

JSON

To clipboard

{
   document: {
      acknowledgments: [
         {
            summary: "Cisco would like to thank WangJincheng of X1cT34m Laboratory for reporting this vulnerability.",
         },
      ],
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      notes: [
         {
            category: "summary",
            text: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device.\r\n\r\nThis vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\r\n\r\nThere are no workarounds that address this vulnerability.\r\n\r\n",
            title: "Summary",
         },
         {
            category: "general",
            text: "At the time of publication, this vulnerability affected the following Cisco RV Series Small Business Routers if they were running firmware Release 1.0.03.29 or earlier:\r\n\r\nRV340 Dual WAN Gigabit VPN Routers\r\nRV340W Dual WAN Gigabit Wireless-AC VPN Routers\r\nRV345 Dual WAN Gigabit VPN Routers\r\nRV345P Dual WAN Gigabit POE VPN Routers\r\n\r\nSee the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.",
            title: "Vulnerable Products",
         },
         {
            category: "general",
            text: "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by this vulnerability.",
            title: "Products Confirmed Not Vulnerable",
         },
         {
            category: "general",
            text: "There are no workarounds that address this vulnerability. However, administrators can disable the affected component of the web-based management interface by logging in to the device and disabling the RESTCONF option under Firewall > Basic Settings.\r\n\r\nWhile this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.",
            title: "Workarounds",
         },
         {
            category: "general",
            text: "Cisco has not released and will not release software updates to address the vulnerabilities described in this advisory. Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products:\r\n\r\nEnd-of-Sale and End-of-Life Announcement for the Cisco Small Business RV340 and RV345 Series [\"https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/small-business-rv340-rv345-series-eol.html\"]\r\n\r\nWhen considering a device migration, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the new products will be sufficient for their network needs, that the new devices contain sufficient memory, and that current hardware and software configurations will continue to be supported properly by the new product. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
            title: "Fixed Software",
         },
         {
            category: "general",
            text: "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
            title: "Vulnerability Policy",
         },
         {
            category: "general",
            text: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.",
            title: "Exploitation and Public Announcements",
         },
         {
            category: "general",
            text: "Cisco would like to thank WangJincheng of X1cT34m Laboratory for reporting this vulnerability.",
            title: "Source",
         },
         {
            category: "legal_disclaimer",
            text: "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
            title: "Legal Disclaimer",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "psirt@cisco.com",
         issuing_authority: "Cisco PSIRT",
         name: "Cisco",
         namespace: "https://wwww.cisco.com",
      },
      references: [
         {
            category: "self",
            summary: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
         },
         {
            category: "external",
            summary: "Cisco Security Vulnerability Policy",
            url: "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html",
         },
         {
            category: "external",
            summary: "End-of-Sale and End-of-Life Announcement for the Cisco Small Business RV340 and RV345 Series",
            url: "https://www.cisco.com/c/en/us/products/collateral/routers/small-business-rv-series-routers/small-business-rv340-rv345-series-eol.html",
         },
         {
            category: "external",
            summary: "Cisco Security Advisories page",
            url: "https://www.cisco.com/go/psirt",
         },
         {
            category: "external",
            summary: "Security Vulnerability Policy",
            url: "http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html",
         },
      ],
      title: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
      tracking: {
         current_release_date: "2023-02-01T16:00:00+00:00",
         generator: {
            date: "2024-05-10T23:21:38+00:00",
            engine: {
               name: "TVCE",
            },
         },
         id: "cisco-sa-sb-rv-afu-EXxwA65V",
         initial_release_date: "2023-02-01T16:00:00+00:00",
         revision_history: [
            {
               date: "2023-02-01T15:56:07+00:00",
               number: "1.0.0",
               summary: "Initial public release.",
            },
         ],
         status: "final",
         version: "1.0.0",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  category: "product_family",
                  name: "Cisco Small Business RV Series Router Firmware",
                  product: {
                     name: "Cisco Small Business RV Series Router Firmware ",
                     product_id: "CSAFPID-183630",
                  },
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-20073",
         ids: [
            {
               system_name: "Cisco Bug ID",
               text: "CSCwe04040",
            },
         ],
         notes: [
            {
               category: "other",
               text: "Complete.",
               title: "Affected Product Comprehensiveness",
            },
         ],
         product_status: {
            known_affected: [
               "CSAFPID-183630",
            ],
         },
         release_date: "2023-02-01T16:00:00+00:00",
         remediations: [
            {
               category: "vendor_fix",
               details: "Cisco has released software updates that address this vulnerability.",
               product_ids: [
                  "CSAFPID-183630",
               ],
               url: "https://software.cisco.com",
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "CSAFPID-183630",
               ],
            },
         ],
         title: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
      },
   ],
}

WID-SEC-W-2023-0252

Vulnerability from csaf_certbund

Published

2023-02-01 23:00

Modified

2023-02-01 23:00

Summary

Cisco Small Business: Schwachstelle ermöglicht Manipulation von Dateien

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Die Cisco Small Business Produktfamilie beinhaltet Netzwerk-, Kommunikations-, WLAN- und Sicherheitsprodukte, sowie Router und Switche.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Small Business ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- CISCO Appliance

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Die Cisco Small Business Produktfamilie beinhaltet Netzwerk-, Kommunikations-, WLAN- und Sicherheitsprodukte, sowie Router und Switche.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Small Business ausnutzen, um Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- CISCO Appliance",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-0252 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0252.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-0252 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0252",
         },
         {
            category: "external",
            summary: "Cisco Security Advisory CISCO-SA-SB-RV-AFU-EXXWA65V vom 2023-02-01",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
         },
      ],
      source_lang: "en-US",
      title: "Cisco Small Business: Schwachstelle ermöglicht Manipulation von Dateien",
      tracking: {
         current_release_date: "2023-02-01T23:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:42:52.776+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-0252",
         initial_release_date: "2023-02-01T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2023-02-01T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV340 Dual WAN Gigabit VPN Routers",
                        product: {
                           name: "Cisco Small Business RV340 Dual WAN Gigabit VPN Routers",
                           product_id: "T026090",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv340_dual_wan_gigabit_vpn_routers",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV340W Dual WAN Gigabit Wireless-AC VPN Routers",
                        product: {
                           name: "Cisco Small Business RV340W Dual WAN Gigabit Wireless-AC VPN Routers",
                           product_id: "T026091",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv340w_dual_wan_gigabit_wireless-ac_vpn_routers",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV345 Dual WAN Gigabit VPN Routers",
                        product: {
                           name: "Cisco Small Business RV345 Dual WAN Gigabit VPN Routers",
                           product_id: "T026092",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv345_dual_wan_gigabit_vpn_routers",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV345P Dual WAN Gigabit POE VPN Routers",
                        product: {
                           name: "Cisco Small Business RV345P Dual WAN Gigabit POE VPN Routers",
                           product_id: "T026093",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv345p_dual_wan_gigabit_poe_vpn_routers",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Small Business",
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-20073",
         notes: [
            {
               category: "description",
               text: "Es existiert eine Schwachstelle in Cisco Small Business. Diese besteht im webbasierten Management-Interface und ermöglicht das Hochladen beliebiger Dateien. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.",
            },
         ],
         product_status: {
            known_affected: [
               "T026092",
               "T026091",
               "T026093",
               "T026090",
            ],
         },
         release_date: "2023-02-01T23:00:00.000+00:00",
         title: "CVE-2023-20073",
      },
   ],
}

wid-sec-w-2023-0252

Vulnerability from csaf_certbund

Published

2023-02-01 23:00

Modified

2023-02-01 23:00

Summary

Cisco Small Business: Schwachstelle ermöglicht Manipulation von Dateien

Notes

Produktbeschreibung

Die Cisco Small Business Produktfamilie beinhaltet Netzwerk-, Kommunikations-, WLAN- und Sicherheitsprodukte, sowie Router und Switche.

Angriff

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Small Business ausnutzen, um Dateien zu manipulieren.

Betroffene Betriebssysteme

- CISCO Appliance

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         text: "mittel",
      },
      category: "csaf_base",
      csaf_version: "2.0",
      distribution: {
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "de-DE",
      notes: [
         {
            category: "legal_disclaimer",
            text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.",
         },
         {
            category: "description",
            text: "Die Cisco Small Business Produktfamilie beinhaltet Netzwerk-, Kommunikations-, WLAN- und Sicherheitsprodukte, sowie Router und Switche.",
            title: "Produktbeschreibung",
         },
         {
            category: "summary",
            text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Small Business ausnutzen, um Dateien zu manipulieren.",
            title: "Angriff",
         },
         {
            category: "general",
            text: "- CISCO Appliance",
            title: "Betroffene Betriebssysteme",
         },
      ],
      publisher: {
         category: "other",
         contact_details: "csaf-provider@cert-bund.de",
         name: "Bundesamt für Sicherheit in der Informationstechnik",
         namespace: "https://www.bsi.bund.de",
      },
      references: [
         {
            category: "self",
            summary: "WID-SEC-W-2023-0252 - CSAF Version",
            url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0252.json",
         },
         {
            category: "self",
            summary: "WID-SEC-2023-0252 - Portal Version",
            url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0252",
         },
         {
            category: "external",
            summary: "Cisco Security Advisory CISCO-SA-SB-RV-AFU-EXXWA65V vom 2023-02-01",
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
         },
      ],
      source_lang: "en-US",
      title: "Cisco Small Business: Schwachstelle ermöglicht Manipulation von Dateien",
      tracking: {
         current_release_date: "2023-02-01T23:00:00.000+00:00",
         generator: {
            date: "2024-08-15T17:42:52.776+00:00",
            engine: {
               name: "BSI-WID",
               version: "1.3.5",
            },
         },
         id: "WID-SEC-W-2023-0252",
         initial_release_date: "2023-02-01T23:00:00.000+00:00",
         revision_history: [
            {
               date: "2023-02-01T23:00:00.000+00:00",
               number: "1",
               summary: "Initiale Fassung",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV340 Dual WAN Gigabit VPN Routers",
                        product: {
                           name: "Cisco Small Business RV340 Dual WAN Gigabit VPN Routers",
                           product_id: "T026090",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv340_dual_wan_gigabit_vpn_routers",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV340W Dual WAN Gigabit Wireless-AC VPN Routers",
                        product: {
                           name: "Cisco Small Business RV340W Dual WAN Gigabit Wireless-AC VPN Routers",
                           product_id: "T026091",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv340w_dual_wan_gigabit_wireless-ac_vpn_routers",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV345 Dual WAN Gigabit VPN Routers",
                        product: {
                           name: "Cisco Small Business RV345 Dual WAN Gigabit VPN Routers",
                           product_id: "T026092",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv345_dual_wan_gigabit_vpn_routers",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "Cisco Small Business RV345P Dual WAN Gigabit POE VPN Routers",
                        product: {
                           name: "Cisco Small Business RV345P Dual WAN Gigabit POE VPN Routers",
                           product_id: "T026093",
                           product_identification_helper: {
                              cpe: "cpe:/h:cisco:small_business:rv345p_dual_wan_gigabit_poe_vpn_routers",
                           },
                        },
                     },
                  ],
                  category: "product_name",
                  name: "Small Business",
               },
            ],
            category: "vendor",
            name: "Cisco",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2023-20073",
         notes: [
            {
               category: "description",
               text: "Es existiert eine Schwachstelle in Cisco Small Business. Diese besteht im webbasierten Management-Interface und ermöglicht das Hochladen beliebiger Dateien. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Dateien zu manipulieren.",
            },
         ],
         product_status: {
            known_affected: [
               "T026092",
               "T026091",
               "T026093",
               "T026090",
            ],
         },
         release_date: "2023-02-01T23:00:00.000+00:00",
         title: "CVE-2023-20073",
      },
   ],
}

var-202302-0119

Vulnerability from variot

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. RV340 firmware, RV340W firmware, RV345 Multiple Cisco Systems products, including firmware, contain vulnerabilities that allow unrestricted upload of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RV340, RV340W, RV345, and RV345P are Cisco's small business VPN routers.

There are binary vulnerabilities in many Cisco products, and attackers can use this vulnerability to upload files for overwriting. There are no workarounds that address this vulnerability. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-202302-0119",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "rv340",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv340w",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv345",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv345p",
            scope: "lte",
            trust: 1,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv340w",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv345p",
            scope: null,
            trust: 0.8,
            vendor: "シスコシステムズ",
            version: null,
         },
         {
            model: "rv340",
            scope: "eq",
            trust: 0.6,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv340w",
            scope: "eq",
            trust: 0.6,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv345",
            scope: "eq",
            trust: 0.6,
            vendor: "cisco",
            version: "1.0.03.29",
         },
         {
            model: "rv345p",
            scope: "eq",
            trust: 0.6,
            vendor: "cisco",
            version: "1.0.03.29",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   cve: "CVE-2023-20073",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "CNVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 10,
                  id: "CNVD-2023-09623",
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  severity: "MEDIUM",
                  trust: 0.6,
                  vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "nvd@nist.gov",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 3.9,
                  id: "CVE-2023-20073",
                  impactScore: 5.9,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  author: "ykramarz@cisco.com",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 3.9,
                  id: "CVE-2023-20073",
                  impactScore: 1.4,
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "Low",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "High",
                  baseScore: 9.8,
                  baseSeverity: "Critical",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2023-20073",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2023-20073",
                  trust: 1,
                  value: "CRITICAL",
               },
               {
                  author: "ykramarz@cisco.com",
                  id: "CVE-2023-20073",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2023-20073",
                  trust: 0.8,
                  value: "Critical",
               },
               {
                  author: "CNVD",
                  id: "CNVD-2023-09623",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-202302-139",
                  trust: 0.6,
                  value: "CRITICAL",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. RV340 firmware, RV340W firmware, RV345 Multiple Cisco Systems products, including firmware, contain vulnerabilities that allow unrestricted upload of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RV340, RV340W, RV345, and RV345P are Cisco's small business VPN routers. \n\r\n\r\nThere are binary vulnerabilities in many Cisco products, and attackers can use this vulnerability to upload files for overwriting. \nThere are no workarounds that address this vulnerability. \nThis advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
      sources: [
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            db: "VULMON",
            id: "CVE-2023-20073",
         },
      ],
      trust: 2.25,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2023-20073",
            trust: 3.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
            trust: 0.8,
         },
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2023.0606",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
            trust: 0.6,
         },
         {
            db: "VULMON",
            id: "CVE-2023-20073",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            db: "VULMON",
            id: "CVE-2023-20073",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   id: "VAR-202302-0119",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
      ],
      trust: 0.78174963,
   },
   iot_taxonomy: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            category: [
               "Network device",
            ],
            sub_category: null,
            trust: 0.6,
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
      ],
   },
   last_update_date: "2024-08-14T15:37:09.825000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "cisco-sa-sb-rv-afu-EXxwA65V",
            trust: 0.8,
            url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
         },
         {
            title: "Patch for Multiple Cisco products have binary vulnerabilities (CNVD-2023-09623)",
            trust: 0.6,
            url: "https://www.cnvd.org.cn/patchInfo/show/409441",
         },
         {
            title: "Cisco Small Business RV340 Fixes for code issue vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqById.tag?id=232932",
         },
         {
            title: "Cisco: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-sb-rv-afu-EXxwA65V",
         },
      ],
      sources: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            db: "VULMON",
            id: "CVE-2023-20073",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-434",
            trust: 1,
         },
         {
            problemtype: "Unlimited uploads of dangerous types of files (CWE-434) [NVD evaluation ]",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv-afu-exxwa65v",
         },
         {
            trust: 0.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2023-20073",
         },
         {
            trust: 0.6,
            url: "https://cxsecurity.com/cveshow/cve-2023-20073/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2023.0606",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2023-20073",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            db: "VULMON",
            id: "CVE-2023-20073",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
         {
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-23T00:00:00",
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            date: "2023-11-16T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            date: "2023-02-02T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
         {
            date: "2023-04-05T16:15:07.720000",
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-17T00:00:00",
            db: "CNVD",
            id: "CNVD-2023-09623",
         },
         {
            date: "2023-11-16T07:42:00",
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
         {
            date: "2023-04-12T00:00:00",
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
         {
            date: "2023-11-07T04:05:56.720000",
            db: "NVD",
            id: "CVE-2023-20073",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Unrestricted upload vulnerability of dangerous file types in multiple Cisco Systems products",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2023-006872",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "code problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-202302-139",
         },
      ],
      trust: 0.6,
   },
}

gsd-2023-20073

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2023-20073

Aliases

CVE-2023-20073

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2023-20073",
      id: "GSD-2023-20073",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2023-20073",
         ],
         details: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",
         id: "GSD-2023-20073",
         modified: "2023-12-13T01:20:28.765735Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "psirt@cisco.com",
            DATE_PUBLIC: "2023-02-02T00:00:00",
            ID: "CVE-2023-20073",
            STATE: "PUBLIC",
            TITLE: "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "Cisco Small Business RV Series Router Firmware ",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "Cisco",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",
               },
            ],
         },
         exploit: [
            {
               lang: "eng",
               value: "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. ",
            },
         ],
         impact: {
            cvss: {
               baseScore: "5.3",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ",
               version: "3.0",
            },
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "CWE-434",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "20230202 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
                  refsource: "CISCO",
                  url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
               },
            ],
         },
         source: {
            advisory: "cisco-sa-sb-rv-afu-EXxwA65V",
            defect: [
               [
                  "CSCwe04040",
               ],
            ],
            discovery: "INTERNAL",
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.29",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.29",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.29",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndIncluding: "1.0.03.29",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "psirt@cisco.com",
               ID: "CVE-2023-20073",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-434",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20230202 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability",
                     refsource: "CISCO",
                     tags: [
                        "Vendor Advisory",
                     ],
                     url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
                  },
               ],
            },
         },
         impact: {
            baseMetricV3: {
               cvssV3: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               exploitabilityScore: 3.9,
               impactScore: 5.9,
            },
         },
         lastModifiedDate: "2023-04-11T19:16Z",
         publishedDate: "2023-04-05T16:15Z",
      },
   },
}

ghsa-w538-44mp-m2cm

Vulnerability from github

Published

2023-04-05 18:30

Modified

2023-04-11 21:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2023-20073",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-434",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2023-04-05T16:15:00Z",
      severity: "CRITICAL",
   },
   details: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",
   id: "GHSA-w538-44mp-m2cm",
   modified: "2023-04-11T21:31:11Z",
   published: "2023-04-05T18:30:18Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2023-20073",
      },
      {
         type: "WEB",
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
      },
   ],
   schema_version: "1.4.0",
   severity: [
      {
         score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
         type: "CVSS_V3",
      },
   ],
}

fkie_cve-2023-20073

Vulnerability from fkie_nvd

Published

2023-04-05 16:15

Modified

2024-11-21 07:40

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	rv340_firmware	*
cisco	rv340	-
cisco	rv340w_firmware	*
cisco	rv340w	-
cisco	rv345_firmware	*
cisco	rv345	-
cisco	rv345p_firmware	*
cisco	rv345p	-

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D6DC9B66-238D-4E9C-A0D6-9AFD09549101",
                     versionEndIncluding: "1.0.03.29",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "02D7BEBD-B700-452C-A2F1-70009217F42F",
                     versionEndIncluding: "1.0.03.29",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "43A9B296-5632-49B9-8830-6C27EF1710A9",
                     versionEndIncluding: "1.0.03.29",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5E91E68B-CBE9-462E-82D4-6F588B8E84E8",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61989F1E-A4C9-450D-AF26-B2178108A260",
                     versionEndIncluding: "1.0.03.29",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5120BAB7-FB3A-481E-9ECD-48341846AFBD",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.",
      },
   ],
   id: "CVE-2023-20073",
   lastModified: "2024-11-21T07:40:29.387",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "psirt@cisco.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-05T16:15:07.720",
   references: [
      {
         source: "psirt@cisco.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V",
      },
   ],
   sourceIdentifier: "psirt@cisco.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-434",
            },
         ],
         source: "psirt@cisco.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-434",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from csaf_cisco

Vulnerability from csaf_cisco

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from variot

Vulnerability from gsd

Vulnerability from github

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature