CVE-2023-20128

HIGH Year: 2023
CVSS v3 Score
7.2
High
Weakness Type
CWE-146
View all →

Vulnerability Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.

Related Vulnerabilities

CVE-2023-20117

HIGH
CVSS:7.2(High)

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute ...

CWE-1462023

CVE-2022-4055

HIGH
CVSS:7.4(High)

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An atta...

CWE-1462022

CVE-2023-20035

HIGH
CVSS:7.8(High)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficien...

CWE-1462023

CVE-2024-20470

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arb...

CWE-1462024

CVE-2024-20329

CRITICAL
CVSS:9.9(Critical)

A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to execute operating system commands as root. This vulnerability ...

CWE-1462024

CVE-2023-20035

HIGH
CVSS:7.8(High)

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficien...

CWE-1462023