CVE-2024-20393

CWE-285 CWE-1464 documents4 sources

Severity

8.8HIGH

EPSS

1.4%

top 19.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Small Business RV Series Router Firmware Cisco Rv340 Dual WAN Gigabit VPN Router Firmware Cisco Rv340w Dual WAN Gigabit Wireless-ac VPN Router Firmware +2 more

Timeline

PublishedOct 2

Description

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges f…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDcisco/rv345p_dual_wan_gigabit_poe_vpn_router_firmware20 versions+19

▶NVDcisco/rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware20 versions+19

▶NVDcisco/rv340_dual_wan_gigabit_vpn_router_firmware20 versions+19

▶NVDcisco/rv345_dual_wan_gigabit_vpn_router_firmware20 versions+19

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmware20 versions+19

🔴Vulnerability Details

CVEList

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability↗2024-10-02

▶

GHSA

GHSA-95px-w8x3-2w55: A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allo↗2024-10-02

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities↗2024-10-02

▶