CVE-2020-3358: Improper Input Validation in Cisco RV340 Dual WAN Gigabit VPN Router Firmware

Severity: 8.6 HIGH (NVD)
EPSS: 0.2% (top 57.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 16
Latest update: May 24

Description

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 4.0

🔴Vulnerability Details

2
GHSA
GHSA-rjmm-h25r-cqxf: A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker (2022-05-24)
CVEList
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability (2020-07-16)

📋Vendor Advisories

1
Cisco
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability (2020-07-15)

💬Community

4
Bugzilla
CVE-2020-14296 CloudForms: Server-Side Request Forgery (SSRF) in Ansible Tower Provider (2020-06-17)
Bugzilla
CVE-2020-10780 CloudForms: CSV Injection in Orchestration Templates (2020-06-17)
Bugzilla
CVE-2020-10777 CloudForms: Cross Site Scripting in report menu title / HTML Code Injection (2020-06-16)
Bugzilla
CVE-2020-10778 CloudForms: Business logic bypass through widgets (2020-06-16)