ID

VAR-202007-1029


CVE

CVE-2020-3357


TITLE

Input verification vulnerability in multiple Cisco Small Business RV VPN routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-008333

DESCRIPTION

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. Multiple Cisco Small Business RV VPN routers contain an input verification vulnerability. Information may be obtained, information may be tampered with, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-3357 // JVNDB: JVNDB-2020-008333

AFFECTED PRODUCTS

vendor: cisco, model: rv345p dual wan gigabit poe vpn router, scope: lt, version: 1.0.03.18

Trust: 1.0

vendor: cisco, model: rv340w dual wan gigabit wireless-ac vpn router, scope: lt, version: 1.0.03.18

Trust: 1.0

vendor: cisco, model: rv340 dual wan gigabit vpn router, scope: lt, version: 1.0.03.18

Trust: 1.0

vendor: cisco, model: rv345 dual wan gigabit vpn router, scope: lt, version: 1.0.03.18

Trust: 1.0

vendor: cisco, model: rv340 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv340w dual wan gigabit wireless-ac vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv345 dual wan gigabit vpn router, scope: -, version: -

Trust: 0.8

vendor: cisco, model: rv345p dual wan gigabit poe vpn router, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008333 // NVD: CVE-2020-3357

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3357
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-008333
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202007-1090
value: CRITICAL

Trust: 0.6

NVD: CVE-2020-3357
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008333
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-3357
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008333
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090 // NVD: CVE-2020-3357

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-008333 // NVD: CVE-2020-3357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1090

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1090

CONFIGURATIONS

sources: NVD: CVE-2020-3357

PATCH

title: cisco-sa-sb-rce-dos-9ZAjkx4
url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rce-dos-9zajkx4

Trust: 0.8

title: Multiple Cisco Product input verification error vulnerability fixes
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124166

Trust: 0.6

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090

EXTERNAL IDS

db: NVD, id: CVE-2020-3357

Trust: 2.4

db: JVNDB, id: JVNDB-2020-008333

Trust: 0.8

db: AUSCERT, id: ESB-2020.2417

Trust: 0.6

db: NSFOCUS, id: 48357

Trust: 0.6

db: CNNVD, id: CNNVD-202007-1090

Trust: 0.6

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090 // NVD: CVE-2020-3357

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rce-dos-9zajkx4

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2020-3357

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3357

Trust: 0.8

url: http://www.nsfocus.net/vulndb/48357

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2020.2417/

Trust: 0.6

sources: JVNDB: JVNDB-2020-008333 // CNNVD: CNNVD-202007-1090 // NVD: CVE-2020-3357

SOURCES

db: JVNDB, id: JVNDB-2020-008333
db: CNNVD, id: CNNVD-202007-1090
db: NVD, id: CVE-2020-3357

LAST UPDATE DATE

2023-11-09T23:23:50.633000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-008333, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1090, date: 2021-01-05T00:00:00
db: NVD, id: CVE-2020-3357, date: 2023-11-07T03:22:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-008333, date: 2020-09-08T00:00:00
db: CNNVD, id: CNNVD-202007-1090, date: 2020-07-15T00:00:00
db: NVD, id: CVE-2020-3357, date: 2020-07-16T18:15:00