CVE-2020-3358

EUVD-2020-24629

16.07.2020, 18:15

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
cisco	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Affected Products (NVD)

Vendor	Product	Version
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	𝑥 < 1.0.03.18
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	𝑥 < 1.0.03.18
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	𝑥 < 1.0.03.18
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	𝑥 < 1.0.03.18

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7