var-202304-0297
Vulnerability from variot
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with. Cisco Small Business Routers is a router device of Cisco. Remote attackers can exploit this vulnerability to inject malicious scripts or HTML code. When the malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202304-0297", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "rv042g", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "rv042", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "rv320", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "rv325", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "rv082", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "rv016", "scope": "eq", "trust": 1.0, "vendor": "cisco", "version": "*" }, { "model": "cisco rv320 dual gigabit wan vpn \u30eb\u30fc\u30bf", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "rv042 dual wan vpn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "cisco rv325 dual gigabit wan vpn \u30eb\u30fc\u30bf", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "rv016 multi-wan vpn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "rv082 dual wan vpn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "rv042g dual gigabit wan vpn", "scope": null, "trust": 0.8, "vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "small business routers rv016", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "small business routers rv042", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "small business routers rv042g", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "small business routers rv082", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "small business routers rv320", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null }, { "model": "small business routers rv325", "scope": null, "trust": 0.6, "vendor": "cisco", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "NVD", "id": "CVE-2023-20142" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:rv016_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:rv042_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:rv042g_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:rv082_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2023-20142" } ] }, "cve": "CVE-2023-20142", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2024-24744", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 2.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "CVE-2023-20142", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2023-20142", "trust": 1.8, "value": "MEDIUM" }, { "author": "ykramarz@cisco.com", "id": "CVE-2023-20142", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNVD", "id": "CNVD-2024-24744", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202304-292", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "CNNVD", "id": "CNNVD-202304-292" }, { "db": "NVD", "id": "CVE-2023-20142" }, { "db": "NVD", "id": "CVE-2023-20142" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with. Cisco Small Business Routers is a router device of Cisco. Remote attackers can exploit this vulnerability to inject malicious scripts or HTML code. When the malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked", "sources": [ { "db": "NVD", "id": "CVE-2023-20142" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "VULMON", "id": "CVE-2023-20142" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2023-20142", "trust": 3.9 }, { "db": "JVNDB", "id": "JVNDB-2023-007121", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2024-24744", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2023.2020", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202304-292", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2023-20142", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "VULMON", "id": "CVE-2023-20142" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "CNNVD", "id": "CNNVD-202304-292" }, { "db": "NVD", "id": "CVE-2023-20142" } ] }, "id": "VAR-202304-0297", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" } ], "trust": 1.0116747799999999 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" } ] }, "last_update_date": "2024-06-01T22:26:30.047000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-rv-stored-xss-vqz7gC8W", "trust": 0.8, "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-vqz7gc8w" }, { "title": "Patch for Cisco Small Business Routers Web Management Interface Cross-Site Scripting Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/546621" }, { "title": "Cisco Small Business Fixes for cross-site scripting vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=233390" }, { "title": "Cisco: Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-rv-stored-xss-vqz7gc8w" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "VULMON", "id": "CVE-2023-20142" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "CNNVD", "id": "CNNVD-202304-292" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.0 }, { "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "NVD", "id": "CVE-2023-20142" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-vqz7gc8w" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2023-20142" }, { "trust": 0.6, "url": "https://cxsecurity.com/cveshow/cve-2023-20142/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2023.2020" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "VULMON", "id": "CVE-2023-20142" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "CNNVD", "id": "CNNVD-202304-292" }, { "db": "NVD", "id": "CVE-2023-20142" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2024-24744" }, { "db": "VULMON", "id": "CVE-2023-20142" }, { "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "db": "CNNVD", "id": "CNNVD-202304-292" }, { "db": "NVD", "id": "CVE-2023-20142" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-05-16T00:00:00", "db": "CNVD", "id": "CNVD-2024-24744" }, { "date": "2023-04-05T00:00:00", "db": "VULMON", "id": "CVE-2023-20142" }, { "date": "2023-11-17T00:00:00", "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "date": "2023-04-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-292" }, { "date": "2023-04-05T19:15:08.920000", "db": "NVD", "id": "CVE-2023-20142" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2024-05-29T00:00:00", "db": "CNVD", "id": "CNVD-2024-24744" }, { "date": "2023-04-06T00:00:00", "db": "VULMON", "id": "CVE-2023-20142" }, { "date": "2023-11-17T06:04:00", "db": "JVNDB", "id": "JVNDB-2023-007121" }, { "date": "2023-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202304-292" }, { "date": "2023-11-07T04:06:12.073000", "db": "NVD", "id": "CVE-2023-20142" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-292" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cross-site scripting vulnerability in multiple Cisco Systems products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2023-007121" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-202304-292" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.