CVE-2024-20336

CWE-121Stack-based Buffer OverflowCWE-78OS Command Injection4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 67.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Cisco Business Wireless Access Point Software
Timeline
PublishedMar 6

Description

A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-ba

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2024-20336: A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote att2024-03-06
GHSA
GHSA-5v2f-93mx-7r24: A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote att2024-03-06

📋Vendor Advisories

1
Cisco
Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities2024-03-06
CVE-2024-20336 (MEDIUM CVSS 6.5) | A vulnerability in the web-based us | cvebase.io