Details of VAR-202007-1029

ID

VAR-202007-1029

CVE

CVE-2020-3357

TITLE

plural Cisco Small Business RV VPN Input verification vulnerability in router

Trust: 0.8

sources: JVNDB: JVNDB-2020-008333

DESCRIPTION

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. plural Cisco Small Business RV VPN The router contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3357 // JVNDB: JVNDB-2020-008333

AFFECTED PRODUCTS

vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	lt	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	lt	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	lt	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	lt	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-008333 // NVD: CVE-2020-3357

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2020-3357
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2020-008333
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202007-1090
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2020-3357
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2020-008333
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

NVD:	CVE-2020-3357
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-008333
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090 // NVD: CVE-2020-3357

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-008333 // NVD: CVE-2020-3357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1090

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1090

CONFIGURATIONS

sources: NVD: CVE-2020-3357

PATCH

title:	cisco-sa-sb-rce-dos-9ZAjkx4	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rce-dos-9zajkx4	Trust: 0.8
title:	Multiple Cisco Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124166	Trust: 0.6

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3357	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-008333	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2417	Trust: 0.6
db:	NSFOCUS	id:	48357	Trust: 0.6
db:	CNNVD	id:	CNNVD-202007-1090	Trust: 0.6

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090 // NVD: CVE-2020-3357

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rce-dos-9zajkx4	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3357	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3357	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/48357	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2417/	Trust: 0.6

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090 // NVD: CVE-2020-3357

SOURCES

db:	JVNDB	id:	JVNDB-2020-008333
db:	CNNVD	id:	CNNVD-202007-1090
db:	NVD	id:	CVE-2020-3357

LAST UPDATE DATE

2023-11-09T23:23:50.633000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-008333	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1090	date:	2021-01-05T00:00:00
db:	NVD	id:	CVE-2020-3357	date:	2023-11-07T03:22:00

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-008333	date:	2020-09-08T00:00:00
db:	CNNVD	id:	CNNVD-202007-1090	date:	2020-07-15T00:00:00
db:	NVD	id:	CVE-2020-3357	date:	2020-07-16T18:15:00