cbcvebase.
CVE-2020-3358
published 2020-07-16

CVE-2020-3358: A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause…

PriorityP348high8.6CVSS 3.1
AVNACLPRNUINSCCNINAH
EPSS
1.35%
68.0th percentile
A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

Affected

6 ranges
VendorProductVersion rangeFixed in
ciscocisco_small_business_rv_series_router_firmware
ciscorv340_dual_wan_gigabit_vpn_router_firmware< 1.0.03.181.0.03.18
ciscorv340_rv340w_rv345_and_rv345p_dual_wan_gigabit_vpn_routers_ssl
ciscorv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware< 1.0.03.181.0.03.18
ciscorv345_dual_wan_gigabit_vpn_router_firmware< 1.0.03.181.0.03.18
ciscorv345p_dual_wan_gigabit_poe_vpn_router_firmware< 1.0.03.181.0.03.18

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_cisco8.6HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.