CVE-2024-20335

CWE-78 — OS Command Injection CWE-121 — Stack-based Buffer Overflow4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 66.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Business Wireless Access Point Software

Timeline

PublishedMar 6

Description

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to th…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

▶CVEListV5cisco/cisco_business_wireless_access_point_software46 versions+45

🔴Vulnerability Details

CVEList

CVE-2024-20335: A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remo↗2024-03-06

▶

GHSA

GHSA-vhj8-v78c-r8mp: A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remo↗2024-03-06

▶

📋Vendor Advisories

Cisco

Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities↗2024-03-06

▶