CVE-2020-3358 - Vulnerability Details

CVE-2020-3358 - Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Denial of Service Vulnerability

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Rv340 Dual Wan Gigabit Vpn Router Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Rv345 Dual Wan Gigabit Vpn Router Firmware Rv345p Dual Wan Gigabit Poe Vpn Router Rv345p Dual Wan Gigabit Poe Vpn Router Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv340_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv345_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv345p_dual_wan_gigabit_poe_vpn_router:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7

History

Fri, 15 Nov 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-07-16T17:21:28.529068Z

Updated: 2024-11-15T16:53:59.870Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3358

Vulnrichment

Updated: 2024-08-04T07:30:58.220Z

NVD

Status : Modified

Published: 2020-07-16T18:15:18.173

Modified: 2024-11-21T05:30:52.327

Link: CVE-2020-3358

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object