CVE-2020-3453

CWE-119 — Buffer Overflow CWE-20 — Improper Input Validation7 documents5 sources

Severity

6.8MEDIUM

EPSS

1.4%

top 19.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv340 Firmware Cisco Rv340w Firmware Cisco Rv345 Firmware +2 more

Timeline

PublishedSep 4

Latest updateMay 24

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages5 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

▶NVDcisco/rv340_firmware< 1.0.03.19

▶NVDcisco/rv340w_firmware< 1.0.03.19

▶NVDcisco/rv345_firmware< 1.0.03.19

▶NVDcisco/rv345p_firmware< 1.0.03.19

🔴Vulnerability Details

GHSA

GHSA-4w5g-66r3-886x: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attac↗2022-05-24

▶

CVEList

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities↗2020-09-04

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilities↗2020-09-02

▶

💬Community

Bugzilla

CVE-2020-2224 jenkins-2-plugins/matrix-project: Stored XSS vulnerability in single axis builds tooltips↗2020-07-15

▶

Bugzilla

CVE-2020-2225 jenkins-2-plugins/matrix-project: Stored XSS vulnerability in multiple axis builds tooltips↗2020-07-15

▶

Bugzilla

CVE-2020-2226 jenkins-2-plugins/matrix-auth: Stored XSS vulnerability in Matrix Authorization Strategy Plugin↗2020-07-15

▶