nvd-json-data-feeds/CVE-2024/CVE-2024-205xx/CVE-2024-20522.json

{
  "id": "CVE-2024-20522",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-10-02T17:15:19.490",
  "lastModified": "2024-10-04T13:50:43.727",
  "vulnStatus": "Undergoing Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n&nbsp;\r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los enrutadores Cisco Small Business RV042, RV042G, RV320 y RV325 podr\u00eda permitir que un atacante remoto autenticado, de nivel de administrador, provoque una recarga inesperada de un dispositivo afectado, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales de administrador v\u00e1lidas en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la entrada del usuario que se encuentra en los paquetes HTTP entrantes. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud HTTP manipulada a la interfaz de administraci\u00f3n basada en web del dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante provoque una recarga inesperada del dispositivo, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",
      "source": "ykramarz@cisco.com"
    }
  ]
}
Auto-Update: 2024-10-02T18:00:19.734939+00:00 2024-10-02 18:03:18 +00:00			`{`
			`"id": "CVE-2024-20522",`
			`"sourceIdentifier": "ykramarz@cisco.com",`
			`"published": "2024-10-02T17:15:19.490",`
Auto-Update: 2024-10-04T14:00:27.718839+00:00 2024-10-04 14:03:27 +00:00			`"lastModified": "2024-10-04T13:50:43.727",`
Auto-Update: 2024-10-06T02:00:16.927213+00:00 2024-10-06 02:03:15 +00:00			`"vulnStatus": "Undergoing Analysis",`
Auto-Update: 2024-10-02T18:00:19.734939+00:00 2024-10-02 18:03:18 +00:00			`"cveTags": [],`
			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.\r\n \r\nThis vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition."
Auto-Update: 2024-10-04T14:00:27.718839+00:00 2024-10-04 14:03:27 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los enrutadores Cisco Small Business RV042, RV042G, RV320 y RV325 podr\u00eda permitir que un atacante remoto autenticado, de nivel de administrador, provoque una recarga inesperada de un dispositivo afectado, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Para explotar esta vulnerabilidad, un atacante necesitar\u00eda tener credenciales de administrador v\u00e1lidas en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la entrada del usuario que se encuentra en los paquetes HTTP entrantes. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud HTTP manipulada a la interfaz de administraci\u00f3n basada en web del dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que el atacante provoque una recarga inesperada del dispositivo, lo que da como resultado una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."
Auto-Update: 2024-10-02T18:00:19.734939+00:00 2024-10-02 18:03:18 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "ykramarz@cisco.com",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "HIGH",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 1.2,`
			`"impactScore": 5.2`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "ykramarz@cisco.com",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-122"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV",`
			`"source": "ykramarz@cisco.com"`
			`}`
			`]`
			`}`