ID

VAR-202009-1154


CVE

CVE-2020-3451


TITLE

Cisco Small Business RV340  Buffer error vulnerability in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-010746

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Small Business RV340 A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Cisco Small Business RV340 is a set of Cisco router equipment

Trust: 2.88

sources: NVD: CVE-2020-3451 // JVNDB: JVNDB-2020-010746 // ZDI: ZDI-20-1100 // CNVD: CNVD-2020-52370 // VULMON: CVE-2020-3451

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52370

AFFECTED PRODUCTS

vendor:ciscomodel:rv340wscope:ltversion:1.0.03.19

Trust: 1.0

vendor:ciscomodel:rv345scope:ltversion:1.0.03.19

Trust: 1.0

vendor:ciscomodel:rv345pscope:ltversion:1.0.03.19

Trust: 1.0

vendor:ciscomodel:rv340scope:ltversion:1.0.03.19

Trust: 1.0

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv340scope: - version: -

Trust: 0.7

vendor:ciscomodel:small business rv340scope:ltversion:1.0.03.19

Trust: 0.6

vendor:ciscomodel:small business rv340wscope:ltversion:1.0.03.19

Trust: 0.6

vendor:ciscomodel:small business rv345scope:ltversion:1.0.03.19

Trust: 0.6

vendor:ciscomodel:small business rv345pscope:ltversion:1.0.03.19

Trust: 0.6

sources: ZDI: ZDI-20-1100 // CNVD: CNVD-2020-52370 // JVNDB: JVNDB-2020-010746 // NVD: CVE-2020-3451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3451
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3451
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3451
value: MEDIUM

Trust: 0.8

ZDI: CVE-2020-3451
value: MEDIUM

Trust: 0.7

CNVD: CNVD-2020-52370
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202009-092
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-3451
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3451
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2020-52370
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3451
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 2.0

NVD: CVE-2020-3451
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-3451
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.1
impactScore: 3.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1100 // CNVD: CNVD-2020-52370 // VULMON: CVE-2020-3451 // JVNDB: JVNDB-2020-010746 // CNNVD: CNNVD-202009-092 // NVD: CVE-2020-3451 // NVD: CVE-2020-3451

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010746 // NVD: CVE-2020-3451

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202009-092

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-092

PATCH

title:cisco-sa-rv-osinj-rce-pwTkPCJvurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Trust: 1.5

title:Patch for Cisco Small Business RV340 command injection vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/234259

Trust: 0.6

title:Cisco: Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-osinj-rce-pwTkPCJv

Trust: 0.1

title:CVE-2020-3451url:https://github.com/AlAIAL90/CVE-2020-3451

Trust: 0.1

title:cisco-RV34x-RCEurl:https://github.com/w0lfzhang/cisco-RV34x-RCE

Trust: 0.1

sources: ZDI: ZDI-20-1100 // CNVD: CNVD-2020-52370 // VULMON: CVE-2020-3451 // JVNDB: JVNDB-2020-010746

EXTERNAL IDS

db:NVDid:CVE-2020-3451

Trust: 3.8

db:ZDIid:ZDI-20-1100

Trust: 3.2

db:JVNDBid:JVNDB-2020-010746

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-10640

Trust: 0.7

db:CNVDid:CNVD-2020-52370

Trust: 0.6

db:AUSCERTid:ESB-2020.3030.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3030

Trust: 0.6

db:AUSCERTid:ESB-2020.3030.3

Trust: 0.6

db:NSFOCUSid:49098

Trust: 0.6

db:NSFOCUSid:49462

Trust: 0.6

db:CNNVDid:CNNVD-202009-092

Trust: 0.6

db:VULMONid:CVE-2020-3451

Trust: 0.1

sources: ZDI: ZDI-20-1100 // CNVD: CNVD-2020-52370 // VULMON: CVE-2020-3451 // JVNDB: JVNDB-2020-010746 // CNNVD: CNNVD-202009-092 // NVD: CVE-2020-3451

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-osinj-rce-pwtkpcjv

Trust: 3.7

url:https://www.zerodayinitiative.com/advisories/zdi-20-1100/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-3451

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3030.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3030/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3030.3/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49462

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49098

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3451

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-20-1100 // CNVD: CNVD-2020-52370 // VULMON: CVE-2020-3451 // JVNDB: JVNDB-2020-010746 // CNNVD: CNNVD-202009-092 // NVD: CVE-2020-3451

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-20-1100

SOURCES

db:ZDIid:ZDI-20-1100
db:CNVDid:CNVD-2020-52370
db:VULMONid:CVE-2020-3451
db:JVNDBid:JVNDB-2020-010746
db:CNNVDid:CNNVD-202009-092
db:NVDid:CVE-2020-3451

LAST UPDATE DATE

2024-08-14T14:44:44.036000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1100date:2020-09-08T00:00:00
db:CNVDid:CNVD-2020-52370date:2020-09-16T00:00:00
db:VULMONid:CVE-2020-3451date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-010746date:2021-02-03T02:26:00
db:CNNVDid:CNNVD-202009-092date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3451date:2023-11-07T03:22:44.270

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1100date:2020-09-08T00:00:00
db:CNVDid:CNVD-2020-52370date:2020-09-16T00:00:00
db:VULMONid:CVE-2020-3451date:2020-09-04T00:00:00
db:JVNDBid:JVNDB-2020-010746date:2021-02-03T00:00:00
db:CNNVDid:CNNVD-202009-092date:2020-09-02T00:00:00
db:NVDid:CVE-2020-3451date:2020-09-04T03:15:10.120