Details of VAR-202410-0204

ID

VAR-202410-0204

CVE

CVE-2024-20393

TITLE

Vulnerabilities in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2024-010017

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin. RV340 firmware, RV340W firmware, RV345 Unspecified vulnerabilities exist in multiple Cisco Systems products such as firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-20393 // JVNDB: JVNDB-2024-010017

AFFECTED PRODUCTS

vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.17	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.21	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.21	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.21	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.17	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.24	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.26	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.01.16	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.26	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.26	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.20	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.01.20	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.20	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.22	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.20	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.22	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.22	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.22	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.00.33	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.29	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.01.17	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.17	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.00.33	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.00.33	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.00.33	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.29	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.29	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.29	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.00.29	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.19	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.19	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.00.29	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.19	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.02.16	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.16	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.16	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.17	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.17	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.01.16	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.16	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.27	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.26	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.27	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.27	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.27	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.20	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.20	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.20	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.01.20	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.28	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.18	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.17	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.01.18	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.01.18	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.01.18	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.01.17	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.18	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.15	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.02.16	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.00.29	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.00.29	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.15	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.15	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.15	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.16	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.02.16	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.02.16	Trust: 1.0
vendor:	cisco	model:	rv340w dual wan gigabit wireless-ac vpn router	scope:	eq	version:	1.0.03.19	Trust: 1.0
vendor:	cisco	model:	rv345p dual wan gigabit poe vpn router	scope:	eq	version:	1.0.03.16	Trust: 1.0
vendor:	cisco	model:	rv345 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.16	Trust: 1.0
vendor:	cisco	model:	rv340 dual wan gigabit vpn router	scope:	eq	version:	1.0.03.21	Trust: 1.0
vendor:	シスコシステムズ	model:	rv340w	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv340	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	rv345p	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-010017 // NVD: CVE-2024-20393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-20393
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2024-20393
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-20393
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-20393
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-20393
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-010017 // NVD: CVE-2024-20393 // NVD: CVE-2024-20393

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-285	Trust: 1.0
problemtype:	Inappropriate authorization (CWE-285) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-010017 // NVD: CVE-2024-20393

PATCH

title:

cisco-sa-rv34x-privesc-rce-qE33TCms

url:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms

Trust: 0.8

sources: JVNDB: JVNDB-2024-010017

EXTERNAL IDS

db:	NVD	id:	CVE-2024-20393	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-010017	Trust: 0.8

sources: JVNDB: JVNDB-2024-010017 // NVD: CVE-2024-20393

REFERENCES

url:	https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv34x-privesc-rce-qe33tcms	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-20393	Trust: 0.8

sources: JVNDB: JVNDB-2024-010017 // NVD: CVE-2024-20393

SOURCES

db:	JVNDB	id:	JVNDB-2024-010017
db:	NVD	id:	CVE-2024-20393

LAST UPDATE DATE

2024-10-11T23:02:37.694000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-010017	date:	2024-10-09T02:27:00
db:	NVD	id:	CVE-2024-20393	date:	2024-10-08T14:37:39.713

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-010017	date:	2024-10-09T00:00:00
db:	NVD	id:	CVE-2024-20393	date:	2024-10-02T17:15:15.337