ID

VAR-202410-0203


CVE

CVE-2024-20522


TITLE

Out-of-bounds write vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 Routers could allow an authenticated, Administrator-level, remote attacker to cause an unexpected reload of an affected device, resulting in a denial of service (DoS) condition. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.   This vulnerability is due to improper validation of user input that is in incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of the affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN firmware, Cisco RV320 Dual Gigabit WAN VPN Multiple Cisco Systems products, including router firmware, contain an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20522 // JVNDB: JVNDB-2024-010025

AFFECTED PRODUCTS

vendor:ciscomodel:rv320scope:eqversion:3.0.0.19-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.3.1.12

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.4.2.19

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.3.1.10

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.5.1.11

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.0.2.03

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.4.2.20

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.3.12.19-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.2.1.13

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.0.1.17

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:3.0.0.1-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.0.2.08-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.3.2.02

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.1.02

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.1.1.01

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.1.1.06

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:3.0.2.01-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.4.2.20

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.3.12.19-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.10

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.0.0.7

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.08

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.3.1.12

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.2.08

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.1.0.02-tm

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.0.2.08-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.1.1.01

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.2.1.13

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.5.1.05

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.10

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.0.4.02-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.06

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.07

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.19

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.0.3.03-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.5.1.11

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.08

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.2.1.14

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.4.2.17

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.3.12.6-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.5.1.13

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.09

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.0.4.02-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.1.02

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.1.1.06

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.4.2.22

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.5.1.05

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.1.0.09

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.3.13.02-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.3.12.6-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.06

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.2.08

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.5.1.13

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.03

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:3.0.0.19-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.2.1.14

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.1.1.19

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:3.0.0.1-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.3.1.10

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.0.2.03

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:3.0.0.19-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.0.1.17

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.14

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.07

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.1.0.09

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.1.1.19

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:3.0.2.01-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.0.3.03-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.3.2.02

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.17

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.0.0.7

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.4.2.20

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.09

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.0.2.08-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.3.12.19-tm

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.14

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:3.0.2.01-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.22

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.1.0.02-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.5.1.05

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.1.1.01

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.10

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.0.0.7

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.03

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.4.2.19

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.5.1.11

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.4.2.22

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.0.2.08-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.3.1.12

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.3.1.10

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.0.2.03

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.1.02

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.2.1.13

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.0.1.17

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.1.1.06

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.4.2.19

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.10

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.5.1.11

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.3.2.02

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.0.4.02-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.5.1.13

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.3.1.12

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.2.08

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.4.2.20

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.3.12.19-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.1.02

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.3.13.02-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.3.12.6-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.1.1.06

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.2.1.13

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.08

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.1.0.02-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:3.0.0.1-tm

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.3.2.02

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.1.1.01

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.2.08

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.1.1.19

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.07

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.0.3.03-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.5.1.13

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.08

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:3.0.0.19-tm

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.4.2.17

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.1.0.02-tm

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.2.3.06

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.09

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.2.1.14

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.14

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:3.0.0.1-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.07

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.0.3.03-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.4.2.15

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.5.1.05

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:4.0.4.02-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.4.2.17

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:1.1.1.19

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.06

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:3.0.2.01-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.09

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:4.2.3.03

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.1.0.09

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.2.1.14

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.3.13.02-tm

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.0.0.7

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion:1.3.12.6-tm

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:1.4.2.22

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.3.1.10

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion:4.2.3.14

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.0.2.03

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion:4.2.3.03

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.0.1.17

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.1.0.09

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion:1.3.13.02-tm

Trust: 1.0

vendor:シスコシステムズmodel:rv042g dual gigabit wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv325 dual gigabit wan vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv320 dual gigabit wan vpn ルータscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025 // NVD: CVE-2024-20522

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-20522
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2024-20522
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-20522
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2024-20522
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 4.0
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2024-20522
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2024-20522
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025 // NVD: CVE-2024-20522 // NVD: CVE-2024-20522

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-122

Trust: 1.0

problemtype:Heap-based buffer overflow (CWE-122) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025 // NVD: CVE-2024-20522

PATCH

title:cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhVurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv04x_rv32x_vulns-yJ2OSDhV

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025

EXTERNAL IDS

db:NVDid:CVE-2024-20522

Trust: 2.6

db:JVNDBid:JVNDB-2024-010025

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025 // NVD: CVE-2024-20522

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sb-rv04x_rv32x_vulns-yj2osdhv

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-20522

Trust: 0.8

sources: JVNDB: JVNDB-2024-010025 // NVD: CVE-2024-20522

SOURCES

db:JVNDBid:JVNDB-2024-010025
db:NVDid:CVE-2024-20522

LAST UPDATE DATE

2024-10-11T23:05:41.024000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-010025date:2024-10-09T02:54:00
db:NVDid:CVE-2024-20522date:2024-10-08T13:48:19.060

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-010025date:2024-10-09T00:00:00
db:NVDid:CVE-2024-20522date:2024-10-02T17:15:19.490