Vulnerability-Lookup

CVE-2024-20393 (GCVE-0-2024-20393)

Vulnerability from cvelistv5 – Published: 2024-10-02 16:53 – Updated: 2024-10-02 19:58

Title

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability

Summary

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-285 - Improper Authorization

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Small Business RV Series Router Firmware	Affected: 1.0.01.17 Affected: 1.0.03.17 Affected: 1.0.01.16 Affected: 1.0.01.18 Affected: 1.0.00.29 Affected: 1.0.03.16 Affected: 1.0.03.15 Affected: 1.0.02.16 Affected: 1.0.01.20 Affected: 1.0.00.33 Affected: 1.0.03.18 Affected: 1.0.03.19 Affected: 1.0.03.20 Affected: 1.0.03.21 Affected: 1.0.03.22 Affected: 1.0.03.24 Affected: 1.0.03.26 Affected: 1.0.03.27 Affected: 1.0.03.28 Affected: 1.0.03.29

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "small_business_rv_series_router_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.01.17"
              },
              {
                "status": "affected",
                "version": "1.0.03.17"
              },
              {
                "status": "affected",
                "version": "1.0.01.16"
              },
              {
                "status": "affected",
                "version": "1.0.01.18"
              },
              {
                "status": "affected",
                "version": "1.0.00.29"
              },
              {
                "status": "affected",
                "version": "1.0.03.16"
              },
              {
                "status": "affected",
                "version": "1.0.03.15"
              },
              {
                "status": "affected",
                "version": "1.0.02.16"
              },
              {
                "status": "affected",
                "version": "1.0.01.20"
              },
              {
                "status": "affected",
                "version": "1.0.00.33"
              },
              {
                "status": "affected",
                "version": "1.0.03.18"
              },
              {
                "status": "affected",
                "version": "1.0.03.19"
              },
              {
                "status": "affected",
                "version": "1.0.03.20"
              },
              {
                "status": "affected",
                "version": "1.0.03.21"
              },
              {
                "status": "affected",
                "version": "1.0.03.22"
              },
              {
                "status": "affected",
                "version": "1.0.03.24"
              },
              {
                "status": "affected",
                "version": "1.0.03.26"
              },
              {
                "status": "affected",
                "version": "1.0.03.27"
              },
              {
                "status": "affected",
                "version": "1.0.03.28"
              },
              {
                "status": "affected",
                "version": "1.0.03.29"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20393",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T19:02:15.620891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T19:58:58.443Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Small Business RV Series Router Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.01.17"
            },
            {
              "status": "affected",
              "version": "1.0.03.17"
            },
            {
              "status": "affected",
              "version": "1.0.01.16"
            },
            {
              "status": "affected",
              "version": "1.0.01.18"
            },
            {
              "status": "affected",
              "version": "1.0.00.29"
            },
            {
              "status": "affected",
              "version": "1.0.03.16"
            },
            {
              "status": "affected",
              "version": "1.0.03.15"
            },
            {
              "status": "affected",
              "version": "1.0.02.16"
            },
            {
              "status": "affected",
              "version": "1.0.01.20"
            },
            {
              "status": "affected",
              "version": "1.0.00.33"
            },
            {
              "status": "affected",
              "version": "1.0.03.18"
            },
            {
              "status": "affected",
              "version": "1.0.03.19"
            },
            {
              "status": "affected",
              "version": "1.0.03.20"
            },
            {
              "status": "affected",
              "version": "1.0.03.21"
            },
            {
              "status": "affected",
              "version": "1.0.03.22"
            },
            {
              "status": "affected",
              "version": "1.0.03.24"
            },
            {
              "status": "affected",
              "version": "1.0.03.26"
            },
            {
              "status": "affected",
              "version": "1.0.03.27"
            },
            {
              "status": "affected",
              "version": "1.0.03.28"
            },
            {
              "status": "affected",
              "version": "1.0.03.29"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-02T16:53:04.527Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-rv34x-privesc-rce-qE33TCms",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms"
        }
      ],
      "source": {
        "advisory": "cisco-sa-rv34x-privesc-rce-qE33TCms",
        "defects": [
          "CSCwm27935"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20393",
    "datePublished": "2024-10-02T16:53:04.527Z",
    "dateReserved": "2023-11-08T15:08:07.659Z",
    "dateUpdated": "2024-10-02T19:58:58.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20393\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-02T19:02:15.620891Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"small_business_rv_series_router_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.01.17\"}, {\"status\": \"affected\", \"version\": \"1.0.03.17\"}, {\"status\": \"affected\", \"version\": \"1.0.01.16\"}, {\"status\": \"affected\", \"version\": \"1.0.01.18\"}, {\"status\": \"affected\", \"version\": \"1.0.00.29\"}, {\"status\": \"affected\", \"version\": \"1.0.03.16\"}, {\"status\": \"affected\", \"version\": \"1.0.03.15\"}, {\"status\": \"affected\", \"version\": \"1.0.02.16\"}, {\"status\": \"affected\", \"version\": \"1.0.01.20\"}, {\"status\": \"affected\", \"version\": \"1.0.00.33\"}, {\"status\": \"affected\", \"version\": \"1.0.03.18\"}, {\"status\": \"affected\", \"version\": \"1.0.03.19\"}, {\"status\": \"affected\", \"version\": \"1.0.03.20\"}, {\"status\": \"affected\", \"version\": \"1.0.03.21\"}, {\"status\": \"affected\", \"version\": \"1.0.03.22\"}, {\"status\": \"affected\", \"version\": \"1.0.03.24\"}, {\"status\": \"affected\", \"version\": \"1.0.03.26\"}, {\"status\": \"affected\", \"version\": \"1.0.03.27\"}, {\"status\": \"affected\", \"version\": \"1.0.03.28\"}, {\"status\": \"affected\", \"version\": \"1.0.03.29\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-02T19:57:11.915Z\"}}], \"cna\": {\"title\": \"Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability\", \"source\": {\"defects\": [\"CSCwm27935\"], \"advisory\": \"cisco-sa-rv34x-privesc-rce-qE33TCms\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business RV Series Router Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.01.17\"}, {\"status\": \"affected\", \"version\": \"1.0.03.17\"}, {\"status\": \"affected\", \"version\": \"1.0.01.16\"}, {\"status\": \"affected\", \"version\": \"1.0.01.18\"}, {\"status\": \"affected\", \"version\": \"1.0.00.29\"}, {\"status\": \"affected\", \"version\": \"1.0.03.16\"}, {\"status\": \"affected\", \"version\": \"1.0.03.15\"}, {\"status\": \"affected\", \"version\": \"1.0.02.16\"}, {\"status\": \"affected\", \"version\": \"1.0.01.20\"}, {\"status\": \"affected\", \"version\": \"1.0.00.33\"}, {\"status\": \"affected\", \"version\": \"1.0.03.18\"}, {\"status\": \"affected\", \"version\": \"1.0.03.19\"}, {\"status\": \"affected\", \"version\": \"1.0.03.20\"}, {\"status\": \"affected\", \"version\": \"1.0.03.21\"}, {\"status\": \"affected\", \"version\": \"1.0.03.22\"}, {\"status\": \"affected\", \"version\": \"1.0.03.24\"}, {\"status\": \"affected\", \"version\": \"1.0.03.26\"}, {\"status\": \"affected\", \"version\": \"1.0.03.27\"}, {\"status\": \"affected\", \"version\": \"1.0.03.28\"}, {\"status\": \"affected\", \"version\": \"1.0.03.29\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms\", \"name\": \"cisco-sa-rv34x-privesc-rce-qE33TCms\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\\r\\n\\r\\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-285\", \"description\": \"Improper Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-10-02T16:53:04.527Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-20393\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-02T19:58:58.443Z\", \"dateReserved\": \"2023-11-08T15:08:07.659Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-10-02T16:53:04.527Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2024-20393

Vulnerability from fstec - Published: 02.10.2024

Title

Уязвимость веб-интерфейса управления микропрограммного обеспечения маршрутизаторов Cisco Small Business RV340, RV340W, RV345 и RV345P Dual WAN Gigabit VPN Routers, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость веб-интерфейса управления микропрограммного обеспечения маршрутизаторов Cisco Small Business RV340, RV340W, RV345 и RV345P Dual WAN Gigabit VPN Routers связана с недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, повысить свои привилегии с уровня «гостя» до «администратора» путём отправки специально сформированного HTTP-запроса

Severity ?


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco RV340W, Cisco RV340, Cisco RV345, Cisco RV345P

Software Version

- (Cisco RV340W), - (Cisco RV340), - (Cisco RV345), - (Cisco RV345P)

Possible Mitigations

Компенсирующие меры: - отключение/удаление неиспользуемых учётных записей пользователей; - использование средств межсетевого экранирования для предотвращения попыток эксплуатации уязвимости; - ограничение доступа к устройству из внешних сетей (Интернет). Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCm

CWE

CWE-285

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Cisco RV340W), - (Cisco RV340), - (Cisco RV345), - (Cisco RV345P)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 \u0438\u0437 \u0432\u043d\u0435\u0448\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 (\u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "02.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "07.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.10.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07793",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20393",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco RV340W, Cisco RV340, Cisco RV345, Cisco RV345P",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Small Business RV340, RV340W, RV345 \u0438 RV345P Dual WAN Gigabit VPN Routers, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-285)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Small Business RV340, RV340W, RV345 \u0438 RV345P Dual WAN Gigabit VPN Routers \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0441 \u0443\u0440\u043e\u0432\u043d\u044f \u00ab\u0433\u043e\u0441\u0442\u044f\u00bb \u0434\u043e \u00ab\u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u00bb \u043f\u0443\u0442\u0451\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u041f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 Cisco Small Business RV340, RV340W, RV345 \u0438 RV345P Dual WAN Gigabit VPN Routers \u043f\u0440\u0435\u043a\u0440\u0430\u0449\u0435\u043d\u0430, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCm",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-285",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CERTFR-2024-AVI-0833

Vulnerability from certfr_avis - Published: 2024-10-03 - Updated: 2024-10-03

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les périphériques Small Business RV340, RV340W, RV345, et RV345P Dual WAN Gigabit VPN ne sont plus supportés et ne seront pas mis à jour par Cisco.

Impacted products

	Vendor	Product	Description
	Cisco	Meraki MX	Meraki MX et Z versions postérieures à 16.2 et antérieures à 18.211.2
	Cisco	Nexus Dashboard Fabric Controller	Nexus Dashboard Fabric Controller versions 12.0 antérieures à 12.2.2

References

Title

Publication Time

GHSA-95PX-W8X3-2W55

Vulnerability from github – Published: 2024-10-02 18:31 – Updated: 2024-10-02 18:31

Details

This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-20393"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-02T17:15:15Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\n\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.",
  "id": "GHSA-95px-w8x3-2w55",
  "modified": "2024-10-02T18:31:32Z",
  "published": "2024-10-02T18:31:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20393"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-20393

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-20393

Aliases

CVE-2024-20393

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2024-20393",
    "id": "GSD-2024-20393"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-20393"
      ],
      "id": "GSD-2024-20393",
      "modified": "2023-12-13T01:21:42.814229Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-20393",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-20393

Vulnerability from fkie_nvd - Published: 2024-10-02 17:15 - Updated: 2024-10-08 14:37

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.00.29
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.00.33
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.01.16
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.01.17
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.01.18
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.01.20
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.02.16
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.15
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.16
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.17
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.18
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.19
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.20
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.21
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.22
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.24
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.26
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.27
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.28
cisco	rv340_dual_wan_gigabit_vpn_router_firmware	1.0.03.29
cisco	rv340_dual_wan_gigabit_vpn_router	-
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.00.29
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.00.33
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.01.16
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.01.17
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.01.18
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.01.20
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.02.16
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.15
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.16
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.17
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.18
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.19
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.20
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.21
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.22
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.24
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.26
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.27
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.28
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware	1.0.03.29
cisco	rv340w_dual_wan_gigabit_wireless-ac_vpn_router	-
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.00.29
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.00.33
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.01.16
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.01.17
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.01.18
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.01.20
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.02.16
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.15
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.16
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.17
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.18
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.19
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.20
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.21
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.22
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.24
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.26
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.27
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.28
cisco	rv345_dual_wan_gigabit_vpn_router_firmware	1.0.03.29
cisco	rv345_dual_wan_gigabit_vpn_router	-
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.00.29
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.00.33
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.01.16
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.01.17
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.01.18
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.01.20
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.02.16
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.15
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.16
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.17
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.18
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.19
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.20
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.21
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.22
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.24
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.26
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.27
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.28
cisco	rv345p_dual_wan_gigabit_poe_vpn_router_firmware	1.0.03.29
cisco	rv345p_dual_wan_gigabit_poe_vpn_router	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBAD013E-3550-4157-B52A-F045DEFB0810",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "566AF5EF-B7BD-4F4A-9D5E-82588207C80E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B4BB7F-FE4B-404D-9977-AAA3D492634B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6BCBFF6-9A31-48BD-B93D-598564A3BB30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB20575D-3E22-49CA-91DE-CBACF2146D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "8836DC95-1076-4CC4-8A6C-34F3ACCA312A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "45488336-CAF5-4F15-BB6E-5BEBD87A4F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB498AAC-2FAC-4FCC-B644-1180627A5D1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "744B76F8-1276-42ED-8913-5FC9E11F2F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A4D7663-50E6-45B1-8701-2DF2D7F744AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E4341D-9FD4-4AAD-A5BE-35B0909A8FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "33A1EFF8-024B-46F6-A7E3-FCC593314B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D4C611-38FD-4BF1-B478-03F01283EAC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "4788385E-133A-4908-97A0-135403424DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "150DE44A-A558-4C15-8028-C301259E5ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B5E8D98-570C-49A1-9934-45BBCD02AB6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D9FF79A-BEE5-4204-B2C5-E0943DCD7773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "F15F5D4D-A256-4A2E-9873-F0514F81CA77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ACFBF35-E5B2-4807-AC7D-E3021EAAEE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA1379E9-D147-48F4-AE3A-860B49EFA497",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv340_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6822600-E716-4F22-AF34-AD2914D6C128",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC16280-4809-4B2C-825C-76A99392F95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A112271-F32C-49F5-B6DA-4DDBBB146106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "133E4C64-B9C8-4B65-927D-39B7BDF89AC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACD9ECA7-1DC4-4122-9D02-B258A62A2FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A19846-F451-4578-A25B-F3777BE90C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69964DE-67E6-4B1C-B3D2-C9177A891C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB3346A2-D0FB-4AE7-87C0-793DE49D555B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "40B366BB-EC50-4C1A-ACFA-61C86714FE1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "29C253B5-DAAD-45F0-8A45-B6F44FC74DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "4893D744-9041-4C89-A33C-8BB989B3FDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB31F2B-3A74-45DD-B21E-A698E321BA6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCE2B1CD-E350-4C5D-BAA6-17138A8343F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "03FFDBF2-939C-46A3-BA90-6DED64474338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "426C4FDC-AAF3-4726-80D0-7C48B06A7E65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08A813B-630D-4EF4-812B-9E81A48A1DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F27B5644-BA7B-4442-A539-337F93238479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "9504523A-37F0-417A-99B4-CABE21E5E744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE54D030-093B-4267-8169-C2DCF72605D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "D70E0828-1150-44FD-82C2-C441A3ACF644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1C0171B-4C5D-4C15-84DD-E556C5AFDCBA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7E29320-5668-4F48-9BA1-DC81B256320B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "85C44874-31B8-4872-9973-4444D15B09B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "005FADE6-BF4F-416A-965A-46BF5F6C6D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F78C801-EC2A-4B28-9ED1-A30E3589C3F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "2218EEEA-BB4D-4343-BB9F-3C01EA473342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "609583B2-4D32-4E76-AA9B-DA24A1BAFB16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D15056-B04A-40F1-A6D4-66A91FCE5A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "217B02B2-B4E6-40E7-993C-238D7FBEBFF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5659BD61-EE0C-49BF-8484-034A58BA32E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9B65AE-D6EF-4A2E-9C2D-D96E64506080",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "383D6202-4215-46F5-9AA8-F7348997B99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "55939AC6-77E2-43E6-956C-B0B99CEAB315",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "2385BD9B-80C6-4E54-A4A9-EEA724E58FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CA692C-2D66-483B-A440-746A998CED07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4AEE39-5EE2-43C7-80DC-B078A9953D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "85FA6AFD-7A8E-4505-8E4F-3A06199E6697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "36FE60B1-EE9F-4034-9612-482E2EECFBEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCD1FC1-6029-4DDC-898C-169E429D1FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1E99B3-ACEA-48C1-A649-497D5960F215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A69806-3B9F-46E5-877B-9477E3AF0A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D01F5A-1CC5-4C52-AB70-5DF41588EF98",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv345_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DF1ED87-3FDB-42CA-AA96-508B5F7B9206",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2812299-2A3C-49AA-9E81-BE4AA50F0D8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "20569E42-E769-401B-8163-3981C7905943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "105566D1-80A2-4545-9BF9-B3382162CA48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A468D852-CA7F-4561-9F0E-DB6A056A5F31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C72F80EF-787D-4A5E-9B03-5215AD400571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "66D7C66E-AF9E-4419-B6CE-3489DC19212E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "041D9323-A320-4492-BAC7-4E0B06FF56E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D047F9E-7BCE-4F7E-B334-426F46CFCE66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E8D977-F28F-46D9-8DA2-7A1746F4278F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A87D53D4-AF6F-4E5C-A7A4-099294029C59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "42672D7D-5265-4323-A284-F36722F7C36A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "A71CFA39-CF25-4B37-855A-7816770633ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2649FFCF-D9E1-466A-A7ED-4A2653259A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "743D74FF-2334-4C16-BDDD-FDFD4EEBF9EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "29AF1721-2676-4FDA-97E0-55E53A03AC16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3005E36-D17A-498B-9BF4-1D972FA03553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD115E4-53C8-4E3C-9024-4AE5F1F5DFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0231F8-CC96-4F02-9737-654FECFCF624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C600D9E-4DDF-45A2-8760-749F0FB06513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "B675841D-7591-492F-BCF0-E63D416C7F1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:rv345p_dual_wan_gigabit_poe_vpn_router:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF972452-70D7-4026-A326-ACDD7446DD9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los enrutadores VPN Gigabit de doble WAN Cisco Small Business RV340, RV340W, RV345 y RV345P podr\u00eda permitir que un atacante remoto autenticado eleve los privilegios en un dispositivo afectado. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web revela informaci\u00f3n confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una entrada HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante eleve los privilegios de invitado a administrador."
    }
  ],
  "id": "CVE-2024-20393",
  "lastModified": "2024-10-08T14:37:39.713",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-02T17:15:15.337",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-285"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-20393 (GCVE-0-2024-20393)

CVE-2024-20393

CERTFR-2024-AVI-0833

Solutions

GHSA-95PX-W8X3-2W55

GSD-2024-20393

FKIE_CVE-2024-20393

Tags

Sightings

Nomenclature