CVE-2023-20073

Description

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

NVD
Severity: CRITICAL
CVE ID: CVE-2023-20073
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Cisco Systems, Inc.
Severity: MEDIUM
CVE ID: CVE-2023-20073
CVSS Score: 5.3
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-20073

Refrence: Project Discovery GitHub

RegularITCat

PoC based on https://unsafe%5b.%5dsh/go-173464.html research

Refrence: GitHub

Content on GitHub

codeb0ss | watchers:2

CVE-2023-20073-
Mass Exploit - CVE-2023-20073 - Cisco VPN Routers - [Unauthenticated Arbitrary File Upload and Stored XSS]

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub