Detections
Analytics
Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers XSS Vulnerabilities (cisco-sa-rv-stored-xss-vqz7gC8W)
medium Nessus Plugin ID 173978
Language:
Synopsis
The remote device is missing a vendor-supplied security patch.Description
According to its self-reported version, Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilities is affected by multiple vulnerabilities:- Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe21294, CSCwe75298, CSCwe75302, CSCwe75304, CSCwe75324, CSCwe75338, CSCwe75341, CSCwe75346, CSCwe75348, CSCwe75352, CSCwe75355, CSCwe75367, CSCwe75369, CSCwe75375, CSCwe75377See Also
http://www.nessus.org/u?54397251
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe21294
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75298
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75302
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75304
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75352
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75355
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75367
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75369
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75375
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75377
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75324
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75338
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe75341
Plugin Details
Severity: Medium
ID: 173978
File Name: cisco-sa-rv-stored-xss-vqz7gC8W.nasl
Version: 1.1
Type: remote
Family: CISCO
Published: 4/6/2023
Updated: 10/24/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Medium
Base Score: 6.4
Temporal Score: 4.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2023-20151
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: x-cpe:/o:cisco:small_business_rv_series_router_firmware, cpe:/o:cisco:rv320_firmware, cpe:/o:cisco:rv325_firmware, cpe:/o:cisco:rv016_firmware, cpe:/o:cisco:rv042_firmware, cpe:/o:cisco:rv042g_firmware, cpe:/o:cisco:rv082_firmware, cpe:/h:cisco:rv320, cpe:/h:cisco:rv325, cpe:/h:cisco:rv016, cpe:/h:cisco:rv042, cpe:/h:cisco:rv042g, cpe:/h:cisco:rv082
Required KB Items: Cisco/Small_Business_Router/Version, Cisco/Small_Business_Router/Model
Exploit Ease: No known exploits are available
Patch Publication Date: 4/5/2023
Vulnerability Publication Date: 4/5/2023
Reference Information
CVE: CVE-2023-20137, CVE-2023-20138, CVE-2023-20139, CVE-2023-20140, CVE-2023-20141, CVE-2023-20142, CVE-2023-20143, CVE-2023-20144, CVE-2023-20145, CVE-2023-20146, CVE-2023-20147, CVE-2023-20148, CVE-2023-20149, CVE-2023-20150, CVE-2023-20151
CISCO-SA: cisco-sa-rv-stored-xss-vqz7gC8W
CISCO-BUG-ID: CSCwe21294, CSCwe75298, CSCwe75302, CSCwe75304, CSCwe75324, CSCwe75338, CSCwe75341, CSCwe75346, CSCwe75348, CSCwe75352, CSCwe75355, CSCwe75367, CSCwe75369, CSCwe75375, CSCwe75377