SB2024100419 - Multiple vulnerabilities in Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024100419

SB2024100419 - Multiple vulnerabilities in Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers

Published: October 4, 2024

Security Bulletin ID SB2024100419
Severity
Medium
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2024-20393)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to insufficient authorization controls in the web-based management interface. A remote user can send specially crafted HTTP input and elevate privileges from guest to admin.


2) Improper Neutralization of Expression/Command Delimiters (CVE-ID: CVE-2024-20470)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to the web-based management interface does not sufficiently validate user-supplied input. A remote administrator can send a specially crafted HTTP request and execute arbitrary code as the root user on the underlying operating system.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References