CVE-2020-3286

Published: 18 Jun 2020
Source: nvd
CVSS3: 7.2
CVSS2: 9
EPSS: Low

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

Vulnerable configurations

Configuration 1

All of

cpe:2.3:o:cisco:rv016_firmware:*:*:*:*:*:*:*:*
Versions up to 4.2.3.10 (inclusive)
cpe:2.3:h:cisco:rv016:-:*:*:*:*:*:*:*

Configuration 2

All of

cpe:2.3:o:cisco:rv042_firmware:*:*:*:*:*:*:*:*
Versions up to 4.2.3.10 (inclusive)
cpe:2.3:h:cisco:rv042:-:*:*:*:*:*:*:*

Configuration 3

All of

cpe:2.3:o:cisco:rv042g_firmware:*:*:*:*:*:*:*:*
Versions up to 4.2.3.10 (inclusive)
cpe:2.3:h:cisco:rv042g:-:*:*:*:*:*:*:*

Configuration 4

All of

cpe:2.3:o:cisco:rv082_firmware:*:*:*:*:*:*:*:*
Versions up to 4.2.3.10 (inclusive)
cpe:2.3:h:cisco:rv082:-:*:*:*:*:*:*:*

Configuration 5

All of

cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*
Versions up to 1.5.1.05 (inclusive)
cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*

Configuration 6

All of

cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*
Versions up to 1.5.1.05 (inclusive)
cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*

EPSS

Percentile: 87%
0.03349
Low

7.2 High

CVSS3

9 Critical

CVSS2

Weaknesses

CWE-119
CWE-787
Related vulnerabilities

github
more than 3 years ago

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.

CVSS3: 7.2
fstec
about 5 years ago

Vulnerability in the web-based administration interface of the firmware of Cisco Small Business RV320, Cisco Small Business RV325, Cisco Small Business RV016, Cisco Small Business RV042 and Cisco Small Business RV082 routers, allowing an attacker to cause a denial of service or execute arbitrary code with root privileges
