CVE-2020-3453

Published: Sep 4, 2020Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (4)

Products: Cisco: Rv340w Firmware, Rv340 Firmware, Rv345 Firmware, Rv345p Firmware

4 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv340w Firmware	Before 1.0.03.19

Running on/with	Platform Versions
Cisco Rv340w	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv340 Firmware	Before 1.0.03.19

Running on/with	Platform Versions
Cisco Rv340	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv345 Firmware	Before 1.0.03.19

Running on/with	Platform Versions
Cisco Rv345	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Rv345p Firmware	Before 1.0.03.19

Running on/with	Platform Versions
Cisco Rv345p	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Source: psirt@cisco.com

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1101/

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.zerodayinitiative.com/advisories/ZDI-20-1101/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.