CVE-2023-20007

CWE-120 — Classic Buffer Overflow CWE-78 — OS Command Injection CWE-359 CWE-668 — Exposure to Wrong Sphere5 documents5 sources

Severity

7.2HIGH

EPSS

0.4%

top 40.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv340 Firmware Cisco Rv340w Firmware Cisco Rv345 Firmware +2 more

Timeline

PublishedJan 20

Latest updateApr 12

Description

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based manageme…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages5 packages

▶NVDcisco/rv340w_firmware< 1.0.03.29

▶NVDcisco/rv345p_firmware< 1.0.03.29

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmware19 versions+18

▶NVDcisco/rv340_firmware< 1.0.03.29

▶NVDcisco/rv345_firmware< 1.0.03.29

🔴Vulnerability Details

GHSA

Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm↗2023-04-12

▶

GHSA

GHSA-j77g-rccp-fpvv: A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allo↗2023-01-20

▶

CVEList

CVE-2023-20007: A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allo↗2023-01-19

▶

📋Vendor Advisories

Cisco

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Remote Code Execution and Denial of Service Vulnerability↗2023-01-11

▶