ID

VAR-202009-1155


CVE

CVE-2020-3453


TITLE

Cisco Small Business RV340  Buffer error vulnerability in series routers

Trust: 0.8

sources: JVNDB: JVNDB-2020-010747

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker with administrative credentials to execute arbitrary commands on the underlying operating system (OS) as a restricted user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Small Business RV340 A buffer error vulnerability exists in series routers.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the www-data user

Trust: 2.34

sources: NVD: CVE-2020-3453 // JVNDB: JVNDB-2020-010747 // ZDI: ZDI-20-1101 // VULMON: CVE-2020-3453

AFFECTED PRODUCTS

vendor:ciscomodel:rv340wscope:ltversion:1.0.03.19

Trust: 1.0

vendor:ciscomodel:rv345scope:ltversion:1.0.03.19

Trust: 1.0

vendor:ciscomodel:rv345pscope:ltversion:1.0.03.19

Trust: 1.0

vendor:ciscomodel:rv340scope:ltversion:1.0.03.19

Trust: 1.0

vendor:シスコシステムズmodel:rv340w dual wan gigabit wireless-ac vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv340 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345p dual wan gigabit poe vpn routerscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv345 dual wan gigabit vpn routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:rv340scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-20-1101 // JVNDB: JVNDB-2020-010747 // NVD: CVE-2020-3453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3453
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3453
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3453
value: MEDIUM

Trust: 0.8

ZDI: CVE-2020-3453
value: MEDIUM

Trust: 0.7

CNNVD: CNNVD-202009-190
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-3453
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3453
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2020-3453
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3453
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.2
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-3453
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2020-3453
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-20-1101 // VULMON: CVE-2020-3453 // JVNDB: JVNDB-2020-010747 // CNNVD: CNNVD-202009-190 // NVD: CVE-2020-3453 // NVD: CVE-2020-3453

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-20

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010747 // NVD: CVE-2020-3453

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202009-190

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202009-190

PATCH

title:cisco-sa-rv-osinj-rce-pwTkPCJvurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Trust: 1.5

title:Cisco Small Business RV340 Command execution vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127707

Trust: 0.6

title:Cisco: Cisco Small Business RV340 Series Routers Command Injection and Remote Code Execution Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-osinj-rce-pwTkPCJv

Trust: 0.1

title:CVE-2020-3453url:https://github.com/AlAIAL90/CVE-2020-3453

Trust: 0.1

sources: ZDI: ZDI-20-1101 // VULMON: CVE-2020-3453 // JVNDB: JVNDB-2020-010747 // CNNVD: CNNVD-202009-190

EXTERNAL IDS

db:NVDid:CVE-2020-3453

Trust: 3.2

db:ZDIid:ZDI-20-1101

Trust: 3.2

db:JVNDBid:JVNDB-2020-010747

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-10907

Trust: 0.7

db:NSFOCUSid:49455

Trust: 0.6

db:NSFOCUSid:49099

Trust: 0.6

db:AUSCERTid:ESB-2020.3030.2

Trust: 0.6

db:AUSCERTid:ESB-2020.3030

Trust: 0.6

db:AUSCERTid:ESB-2020.3030.3

Trust: 0.6

db:CNNVDid:CNNVD-202009-190

Trust: 0.6

db:VULMONid:CVE-2020-3453

Trust: 0.1

sources: ZDI: ZDI-20-1101 // VULMON: CVE-2020-3453 // JVNDB: JVNDB-2020-010747 // CNNVD: CNNVD-202009-190 // NVD: CVE-2020-3453

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-osinj-rce-pwtkpcjv

Trust: 3.1

url:https://www.zerodayinitiative.com/advisories/zdi-20-1101/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2020-3453

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3030.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3030/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3030.3/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49099

Trust: 0.6

url:http://www.nsfocus.net/vulndb/49455

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/alaial90/cve-2020-3453

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-20-1101 // VULMON: CVE-2020-3453 // JVNDB: JVNDB-2020-010747 // CNNVD: CNNVD-202009-190 // NVD: CVE-2020-3453

CREDITS

0x00string

Trust: 0.7

sources: ZDI: ZDI-20-1101

SOURCES

db:ZDIid:ZDI-20-1101
db:VULMONid:CVE-2020-3453
db:JVNDBid:JVNDB-2020-010747
db:CNNVDid:CNNVD-202009-190
db:NVDid:CVE-2020-3453

LAST UPDATE DATE

2024-08-14T14:44:44.004000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-20-1101date:2020-09-08T00:00:00
db:VULMONid:CVE-2020-3453date:2021-08-06T00:00:00
db:JVNDBid:JVNDB-2020-010747date:2021-02-03T02:26:00
db:CNNVDid:CNNVD-202009-190date:2021-08-09T00:00:00
db:NVDid:CVE-2020-3453date:2023-11-07T03:22:44.653

SOURCES RELEASE DATE

db:ZDIid:ZDI-20-1101date:2020-09-08T00:00:00
db:VULMONid:CVE-2020-3453date:2020-09-04T00:00:00
db:JVNDBid:JVNDB-2020-010747date:2021-02-03T00:00:00
db:CNNVDid:CNNVD-202009-190date:2020-09-02T00:00:00
db:NVDid:CVE-2020-3453date:2020-09-04T03:15:10.200