Sign-up

ID

VAR-202007-1030


CVE

CVE-2020-3358


TITLE

plural Cisco Small Business RV VPN Input verification vulnerability in router

Trust: 0.8

sources: JVNDB: JVNDB-2020-008334

DESCRIPTION

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition. plural Cisco Small Business RV VPN The router contains an input verification vulnerability.Service operation interruption (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3358 // JVNDB: JVNDB-2020-008334

AFFECTED PRODUCTS

vendor:ciscomodel:rv345p dual wan gigabit poe vpn routerscope:ltversion:1.0.03.18

Trust: 1.0

vendor:ciscomodel:rv340w dual wan gigabit wireless-ac vpn routerscope:ltversion:1.0.03.18

Trust: 1.0

vendor:ciscomodel:rv340 dual wan gigabit vpn routerscope:ltversion:1.0.03.18

Trust: 1.0

vendor:ciscomodel:rv345 dual wan gigabit vpn routerscope:ltversion:1.0.03.18

Trust: 1.0

vendor:ciscomodel:rv340 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv340w dual wan gigabit wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv345 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv345p dual wan gigabit poe vpn routerscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-008334 // NVD: CVE-2020-3358

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3358
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-008334
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202007-1086
value: HIGH

Trust: 0.6

NVD: CVE-2020-3358
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-008334
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

NVD: CVE-2020-3358
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-008334
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-008334 // CNNVD: CNNVD-202007-1086 // NVD: CVE-2020-3358

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-008334 // NVD: CVE-2020-3358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202007-1086

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202007-1086

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2020-3358

PATCH
title:cisco-sa-sb-dos-ZN5GvNH7url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-dos-zn5gvnh7
Trust: 0.8
title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=124567
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008334 // 
            
            
            
            CNNVD: CNNVD-202007-1086

EXTERNAL IDS
db:NVDid:CVE-2020-3358
Trust: 2.4
db:JVNDBid:JVNDB-2020-008334
Trust: 0.8
db:AUSCERTid:ESB-2020.2417
Trust: 0.6
db:NSFOCUSid:48350
Trust: 0.6
db:CNNVDid:CNNVD-202007-1086
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008334 // 
            
            
            
            CNNVD: CNNVD-202007-1086 // 
            
            
            
            NVD: CVE-2020-3358

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-dos-zn5gvnh7
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2020-3358
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3358
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2417/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48350
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-008334 // 
            
            
            
            CNNVD: CNNVD-202007-1086 // 
            
            
            
            NVD: CVE-2020-3358

SOURCES
db:JVNDBid:JVNDB-2020-008334
db:CNNVDid:CNNVD-202007-1086
db:NVDid:CVE-2020-3358

LAST UPDATE DATE
2023-11-09T23:23:50.657000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-008334date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1086date:2021-01-05T00:00:00
db:NVDid:CVE-2020-3358date:2023-11-07T03:22:00

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-008334date:2020-09-08T00:00:00
db:CNNVDid:CNNVD-202007-1086date:2020-07-15T00:00:00
db:NVDid:CVE-2020-3358date:2020-07-16T18:15:00