2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-3453" ,
"sourceIdentifier" : "ykramarz@cisco.com" ,
"published" : "2020-09-04T03:15:10.200" ,
2023-11-07 21:03:21 +00:00
"lastModified" : "2023-11-07T03:22:44.653" ,
"vulnStatus" : "Modified" ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory."
} ,
{
"lang" : "es" ,
"value" : "Multiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de Cisco Small Business RV340 Series Routers, podr\u00edan permitir a un atacante remoto autenticado con credenciales administrativas ejecutar comandos arbitrarios en el sistema operativo (SO) subyacente como un usuario restringido. Para m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consultar la secci\u00f3n Detalles de este aviso"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"attackVector" : "ADJACENT_NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
"availabilityImpact" : "HIGH" ,
"baseScore" : 6.8 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 0.9 ,
"impactScore" : 5.9
2023-11-07 21:03:21 +00:00
} ,
2023-04-24 12:24:31 +02:00
{
2023-11-07 21:03:21 +00:00
"source" : "d1c1063e-7a18-46af-9102-31f8928bc633" ,
2023-04-24 12:24:31 +02:00
"type" : "Secondary" ,
"cvssData" : {
2023-11-07 21:03:21 +00:00
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "LOW" ,
"baseScore" : 4.7 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 1.2 ,
"impactScore" : 3.4
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:A/AC:L/Au:S/C:C/I:C/A:C" ,
"accessVector" : "ADJACENT_NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "SINGLE" ,
"confidentialityImpact" : "COMPLETE" ,
"integrityImpact" : "COMPLETE" ,
"availabilityImpact" : "COMPLETE" ,
"baseScore" : 7.7
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 5.1 ,
"impactScore" : 10.0 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-20"
}
]
} ,
{
2023-11-07 21:03:21 +00:00
"source" : "d1c1063e-7a18-46af-9102-31f8928bc633" ,
2023-04-24 12:24:31 +02:00
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-119"
}
]
}
] ,
"configurations" : [
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv340w_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.03.19" ,
"matchCriteriaId" : "87167F32-831D-4E25-B007-406A6D54F50A"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv340w:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "21E55019-F969-4ACD-A6C8-1D2EE05F8EE4"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.03.19" ,
"matchCriteriaId" : "493AF110-2F36-4516-9087-D7F014EAB8F3"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv340:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2A4411AC-2A74-4315-BA6B-D7E1AA538BDB"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv345_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.03.19" ,
"matchCriteriaId" : "BDF62FE5-93FD-4E7C-8245-51D09FAC353A"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv345:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5E91E68B-CBE9-462E-82D4-6F588B8E84E8"
}
]
}
]
} ,
{
"operator" : "AND" ,
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:cisco:rv345p_firmware:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "1.0.03.19" ,
"matchCriteriaId" : "75245663-EE02-4E2C-9C2B-BC0BA1A0FF8F"
}
]
} ,
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : false ,
"criteria" : "cpe:2.3:h:cisco:rv345p:-:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5120BAB7-FB3A-481E-9ECD-48341846AFBD"
}
]
}
]
}
] ,
"references" : [
{
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv" ,
"source" : "ykramarz@cisco.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-20-1101/" ,
"source" : "ykramarz@cisco.com" ,
"tags" : [
"Third Party Advisory" ,
"VDB Entry"
]
}
]
}
