Vulnerability-Lookup

BDU:2024-02043

Vulnerability from fstec - Published: 06.03.2024

Title

Уязвимость веб-интерфейса управления микропрограммного обеспечения маршрутизаторов Cisco Small Business 100, 300, 500 Series Wireless Access Points, позволяющая нарушителю выполнить произвольный код с правами пользователя root

Description

Уязвимость веб-интерфейса управления микропрограммного обеспечения маршрутизаторов Cisco Small Business 100, 300, 500 Series Wireless Access Points существует из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с правами пользователя root с помощью специально созданного HTTP-запроса

Severity


                    
                      AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Vendor

Cisco Systems Inc.

Software Name

Small Business 500 Series Wireless Access Point, Small Business 300 Series Wireless Access Point, Small Business 100 Series Wireless Access Point

Software Version

- (Small Business 500 Series Wireless Access Point), - (Small Business 300 Series Wireless Access Point), - (Small Business 100 Series Wireless Access Point)

Possible Mitigations

Компенсирующие меры: - ограничение доступа к оборудованию из общедоступных сетей (Интернет); - использование средств межсетевого экранирования и средств обнаружения и предотвращения вторжений (IDS/IPS) для отслеживания подключений к устройству; - сегментирование сети с целью ограничения доступа к оборудованию из других подсетей; - использование виртуальных частных сетей для организации удаленного доступа (VPN).

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB https://www.cybersecurity-help.cz/vdb/SB2024030732

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Small Business 500 Series Wireless Access Point), - (Small Business 300 Series Wireless Access Point), - (Small Business 100 Series Wireless Access Point)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044e \u0438\u0437 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442);\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 (IDS/IPS) \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443;\n- \u0441\u0435\u0433\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0435\u0442\u0438 \u0441 \u0446\u0435\u043b\u044c\u044e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044e \u0438\u0437 \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u043e\u0434\u0441\u0435\u0442\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.03.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.03.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02043",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20335",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Small Business 500 Series Wireless Access Point, Small Business 300 Series Wireless Access Point, Small Business 100 Series Wireless Access Point",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Small Business 100, 300, 500 Series Wireless Access Points, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f root",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Small Business 100, 300, 500 Series Wireless Access Points \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f root \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB\nhttps://www.cybersecurity-help.cz/vdb/SB2024030732",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

CVE-2024-20335 (GCVE-0-2024-20335)

Vulnerability from cvelistv5 – Published: 2024-03-06 16:30 – Updated: 2024-08-01 21:59

Summary

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

cisco

References

1 reference

URL	Tags
https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

2 products

Vendor	Product	Version
Cisco	Cisco Business Wireless Access Point Software	Affected: 1.0.0.13 Affected: 1.0.0.16 Affected: 1.0.0.3 Affected: 1.0.0.4 Affected: 1.0.0.5 Affected: 1.0.0.7 Affected: 1.0.1.2 Affected: 1.0.1.3 Affected: 1.0.1.5 Affected: 1.0.1.6 Affected: 1.0.1.7 Affected: 1.0.2.0 Affected: 1.0.3.1 Affected: 1.0.4.4 Affected: 1.0.4.3 Affected: 1.0.1.10 Affected: 1.0.5.0 Affected: 1.0.0.10 Affected: 1.0.0.12 Affected: 1.0.0.14 Affected: 1.0.0.15 Affected: 1.0.0.17 Affected: 1.0.0.9 Affected: 1.0.1.11 Affected: 1.0.1.12 Affected: 1.0.1.9 Affected: 1.0.2.6 Affected: 1.1.0.5 Affected: 1.1.0.7 Affected: 1.1.0.9 Affected: 1.1.1.0 Affected: 1.1.2.4 Affected: 1.1.4.6 Affected: 1.1.3.2 Affected: 1.1.4.0 Affected: 1.1.0.3 Affected: 1.1.0.4 Affected: 1.1.0.6 Affected: 1.1.2.3 Affected: 1.2.0.2 Affected: 1.2.0.3 Affected: 1.2.1.3 Affected: 1.3.0.3 Affected: 1.3.0.4 Affected: 1.3.0.6 Affected: 1.3.0.7
cisco	business_wireless_access_point_software	Affected: 1.0.0.10 Affected: 1.0.0.12 Affected: 1.0.0.13 Affected: 1.0.0.14 Affected: 1.0.0.15 Affected: 1.0.0.16 Affected: 1.0.0.17 Affected: 1.0.0.3 Affected: 1.0.0.4 Affected: 1.0.0.5 Affected: 1.0.0.7 Affected: 1.0.0.9 Affected: 1.0.1.10 Affected: 1.0.1.11 Affected: 1.0.1.12 Affected: 1.0.1.2 Affected: 1.0.1.3 Affected: 1.0.1.5 Affected: 1.0.1.6 Affected: 1.0.1.7 Affected: 1.0.1.9 Affected: 1.0.2.0 Affected: 1.0.2.6 Affected: 1.0.3.1 Affected: 1.0.4.3 Affected: 1.0.4.4 Affected: 1.0.5.0 Affected: 1.1.0.3 Affected: 1.1.0.4 Affected: 1.1.0.5 Affected: 1.1.0.6 Affected: 1.1.0.7 Affected: 1.1.0.9 Affected: 1.1.1.0 Affected: 1.1.2.3 Affected: 1.1.2.4 Affected: 1.1.3.2 Affected: 1.1.4.0 Affected: 1.1.4.6 Affected: 1.2.0.2 Affected: 1.2.0.3 Affected: 1.2.1.3 Affected: 1.3.0.3 Affected: 1.3.0.4 Affected: 1.3.0.6 Affected: 1.3.0.7 cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.10:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.12:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.13:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.14:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.15:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.16:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.17:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.4:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.5:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.7:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.9:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.10:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.11:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.12:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.2:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.5:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.6:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.7:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.9:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.0:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.6:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.3.1:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.4:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.5.0:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.4:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.5:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.6:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.7:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.9:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.1.0:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.4:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.3.2:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.0:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.6:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.2:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.1.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.3:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.4:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.6:::::::* cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.7:::::::*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.13:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.14:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.15:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.16:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.17:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.0.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.11:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.1.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.2.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.4.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.0.5.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.7:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.0.9:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.1.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.2.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.1.4.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.0.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.2.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:business_wireless_access_point_software:1.3.0.7:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "business_wireless_access_point_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0.10"
              },
              {
                "status": "affected",
                "version": "1.0.0.12"
              },
              {
                "status": "affected",
                "version": "1.0.0.13"
              },
              {
                "status": "affected",
                "version": "1.0.0.14"
              },
              {
                "status": "affected",
                "version": "1.0.0.15"
              },
              {
                "status": "affected",
                "version": "1.0.0.16"
              },
              {
                "status": "affected",
                "version": "1.0.0.17"
              },
              {
                "status": "affected",
                "version": "1.0.0.3"
              },
              {
                "status": "affected",
                "version": "1.0.0.4"
              },
              {
                "status": "affected",
                "version": "1.0.0.5"
              },
              {
                "status": "affected",
                "version": "1.0.0.7"
              },
              {
                "status": "affected",
                "version": "1.0.0.9"
              },
              {
                "status": "affected",
                "version": "1.0.1.10"
              },
              {
                "status": "affected",
                "version": "1.0.1.11"
              },
              {
                "status": "affected",
                "version": "1.0.1.12"
              },
              {
                "status": "affected",
                "version": "1.0.1.2"
              },
              {
                "status": "affected",
                "version": "1.0.1.3"
              },
              {
                "status": "affected",
                "version": "1.0.1.5"
              },
              {
                "status": "affected",
                "version": "1.0.1.6"
              },
              {
                "status": "affected",
                "version": "1.0.1.7"
              },
              {
                "status": "affected",
                "version": "1.0.1.9"
              },
              {
                "status": "affected",
                "version": "1.0.2.0"
              },
              {
                "status": "affected",
                "version": "1.0.2.6"
              },
              {
                "status": "affected",
                "version": "1.0.3.1"
              },
              {
                "status": "affected",
                "version": "1.0.4.3"
              },
              {
                "status": "affected",
                "version": "1.0.4.4"
              },
              {
                "status": "affected",
                "version": "1.0.5.0"
              },
              {
                "status": "affected",
                "version": "1.1.0.3"
              },
              {
                "status": "affected",
                "version": "1.1.0.4"
              },
              {
                "status": "affected",
                "version": "1.1.0.5"
              },
              {
                "status": "affected",
                "version": "1.1.0.6"
              },
              {
                "status": "affected",
                "version": "1.1.0.7"
              },
              {
                "status": "affected",
                "version": "1.1.0.9"
              },
              {
                "status": "affected",
                "version": "1.1.1.0"
              },
              {
                "status": "affected",
                "version": "1.1.2.3"
              },
              {
                "status": "affected",
                "version": "1.1.2.4"
              },
              {
                "status": "affected",
                "version": "1.1.3.2"
              },
              {
                "status": "affected",
                "version": "1.1.4.0"
              },
              {
                "status": "affected",
                "version": "1.1.4.6"
              },
              {
                "status": "affected",
                "version": "1.2.0.2"
              },
              {
                "status": "affected",
                "version": "1.2.0.3"
              },
              {
                "status": "affected",
                "version": "1.2.1.3"
              },
              {
                "status": "affected",
                "version": "1.3.0.3"
              },
              {
                "status": "affected",
                "version": "1.3.0.4"
              },
              {
                "status": "affected",
                "version": "1.3.0.6"
              },
              {
                "status": "affected",
                "version": "1.3.0.7"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20335",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-07T14:42:02.782698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T15:07:27.344Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:41.400Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-sb-wap-multi-85G83CRB",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Business Wireless Access Point Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.13"
            },
            {
              "status": "affected",
              "version": "1.0.0.16"
            },
            {
              "status": "affected",
              "version": "1.0.0.3"
            },
            {
              "status": "affected",
              "version": "1.0.0.4"
            },
            {
              "status": "affected",
              "version": "1.0.0.5"
            },
            {
              "status": "affected",
              "version": "1.0.0.7"
            },
            {
              "status": "affected",
              "version": "1.0.1.2"
            },
            {
              "status": "affected",
              "version": "1.0.1.3"
            },
            {
              "status": "affected",
              "version": "1.0.1.5"
            },
            {
              "status": "affected",
              "version": "1.0.1.6"
            },
            {
              "status": "affected",
              "version": "1.0.1.7"
            },
            {
              "status": "affected",
              "version": "1.0.2.0"
            },
            {
              "status": "affected",
              "version": "1.0.3.1"
            },
            {
              "status": "affected",
              "version": "1.0.4.4"
            },
            {
              "status": "affected",
              "version": "1.0.4.3"
            },
            {
              "status": "affected",
              "version": "1.0.1.10"
            },
            {
              "status": "affected",
              "version": "1.0.5.0"
            },
            {
              "status": "affected",
              "version": "1.0.0.10"
            },
            {
              "status": "affected",
              "version": "1.0.0.12"
            },
            {
              "status": "affected",
              "version": "1.0.0.14"
            },
            {
              "status": "affected",
              "version": "1.0.0.15"
            },
            {
              "status": "affected",
              "version": "1.0.0.17"
            },
            {
              "status": "affected",
              "version": "1.0.0.9"
            },
            {
              "status": "affected",
              "version": "1.0.1.11"
            },
            {
              "status": "affected",
              "version": "1.0.1.12"
            },
            {
              "status": "affected",
              "version": "1.0.1.9"
            },
            {
              "status": "affected",
              "version": "1.0.2.6"
            },
            {
              "status": "affected",
              "version": "1.1.0.5"
            },
            {
              "status": "affected",
              "version": "1.1.0.7"
            },
            {
              "status": "affected",
              "version": "1.1.0.9"
            },
            {
              "status": "affected",
              "version": "1.1.1.0"
            },
            {
              "status": "affected",
              "version": "1.1.2.4"
            },
            {
              "status": "affected",
              "version": "1.1.4.6"
            },
            {
              "status": "affected",
              "version": "1.1.3.2"
            },
            {
              "status": "affected",
              "version": "1.1.4.0"
            },
            {
              "status": "affected",
              "version": "1.1.0.3"
            },
            {
              "status": "affected",
              "version": "1.1.0.4"
            },
            {
              "status": "affected",
              "version": "1.1.0.6"
            },
            {
              "status": "affected",
              "version": "1.1.2.3"
            },
            {
              "status": "affected",
              "version": "1.2.0.2"
            },
            {
              "status": "affected",
              "version": "1.2.0.3"
            },
            {
              "status": "affected",
              "version": "1.2.1.3"
            },
            {
              "status": "affected",
              "version": "1.3.0.3"
            },
            {
              "status": "affected",
              "version": "1.3.0.4"
            },
            {
              "status": "affected",
              "version": "1.3.0.6"
            },
            {
              "status": "affected",
              "version": "1.3.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-06T17:06:13.554Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-sb-wap-multi-85G83CRB",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB"
        }
      ],
      "source": {
        "advisory": "cisco-sa-sb-wap-multi-85G83CRB",
        "defects": [
          "CSCwi78277",
          "CSCwi83948",
          "CSCwi78254",
          "CSCwi78271"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20335",
    "datePublished": "2024-03-06T16:30:39.235Z",
    "dateReserved": "2023-11-08T15:08:07.642Z",
    "dateUpdated": "2024-08-01T21:59:41.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-02043

CVE-2024-20335 (GCVE-0-2024-20335)

Tags

Sightings

Nomenclature