CVE-2023-20045
published 2023-01-20CVE-2023-20045: A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker…
PriorityP348high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
0.96%
57.2th percentile
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_rv_series_router_firmware | — | — |
| cisco | rv160_vpn_router_firmware | < 1.0.01.04 | 1.0.01.04 |
| cisco | rv160w_wireless-ac_vpn_router_firmware | < 1.0.01.04 | 1.0.01.04 |
| cisco | rv260_vpn_router_firmware | < 1.0.01.04 | 1.0.01.04 |
| cisco | rv260p_vpn_router_with_poe_firmware | < 1.0.01.04 | 1.0.01.04 |
| cisco | small_business_rv160_and_rv260_series_vpn_routers | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_cisco4.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
vendor_cisco·2023-01-11·CVSS 4.9
CVE-2023-20045 [MEDIUM] CWE-77 Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device.
This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device.
There are
Cisco
Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
vendor_cisco·CVSS 3.1
CVE-2023-20045 Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
CVE-2023-20045: Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root -level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator -level credentials on the affected d
GHSA
GHSA-fxmm-jp7q-8qvp: A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote
ghsa_unreviewed·2023-01-20
CVE-2023-20045 [HIGH] CWE-20 GHSA-fxmm-jp7q-8qvp: A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote
A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-20
Published