CVE-2020-3357Improper Input Validation in Cisco Rv340 Dual WAN Gigabit VPN Router Firmware

CWE-20Improper Input Validation4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
4.1%
top 11.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Cisco Rv340 Dual WAN Gigabit VPN Router FirmwareCisco Rv340w Dual WAN Gigabit Wireless-ac VPN Router FirmwareCisco Rv345 Dual WAN Gigabit VPN Router Firmware+2 more
Timeline
PublishedJul 16
Latest updateMay 24

Description

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connectio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

🔴Vulnerability Details

2
GHSA
GHSA-x7v4-2v57-r86h: A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers co2022-05-24
CVEList
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability2020-07-16

📋Vendor Advisories

1
Cisco
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability2020-07-15
CVE-2020-3357 — Improper Input Validation in Cisco | cvebase