CVE-2020-3357: Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers SSL Remote Code Execution and Denial of Service Vulnerability
First published: Thu Jul 16 2020(Updated: )
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv340 Dual Wan Gigabit Vpn Router | ||
| Cisco Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv340w Dual Wan Gigabit Wireless-ac Vpn Router | ||
| Cisco Rv345 Dual Wan Gigabit Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv345 Dual Wan Gigabit Vpn Router | ||
| Cisco Rv345p Dual Wan Gigabit Poe Vpn Router Firmware | <1.0.03.18 | |
| Cisco Rv345p Dual Wan Gigabit Poe Vpn Router |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-3357?
CVE-2020-3357 is a vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
What is the severity of CVE-2020-3357?
CVE-2020-3357 has a severity rating of 9.8 (Critical).
How does CVE-2020-3357 affect Cisco Small Business RV340, RV340W, RV345, and RV345P routers?
CVE-2020-3357 allows an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service.
Is Cisco Rv340 Dual Wan Gigabit Vpn Router firmware vulnerable to CVE-2020-3357?
Yes, Cisco Rv340 Dual Wan Gigabit Vpn Router firmware version up to and excluding 1.0.03.18 is vulnerable to CVE-2020-3357.
Is Cisco Rv340w Dual Wan Gigabit Wireless-ac Vpn Router firmware vulnerable to CVE-2020-3357?
Yes, Cisco Rv340w Dual Wan Gigabit Wireless-ac Vpn Router firmware version up to and excluding 1.0.03.18 is vulnerable to CVE-2020-3357.
Is Cisco Rv345 Dual Wan Gigabit Vpn Router firmware vulnerable to CVE-2020-3357?
Yes, Cisco Rv345 Dual Wan Gigabit Vpn Router firmware version up to and excluding 1.0.03.18 is vulnerable to CVE-2020-3357.
Is Cisco Rv345p Dual Wan Gigabit Poe Vpn Router firmware vulnerable to CVE-2020-3357?
Yes, Cisco Rv345p Dual Wan Gigabit Poe Vpn Router firmware version up to and excluding 1.0.03.18 is vulnerable to CVE-2020-3357.
How can I fix CVE-2020-3357?
To fix CVE-2020-3357, Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers should be updated to a firmware version that is inclusive of or greater than 1.0.03.18.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/author
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco rv340 dual wan gigabit vpn router firmware
- canonical/cisco rv340 dual wan gigabit vpn router
- canonical/cisco rv340w dual wan gigabit wireless-ac vpn router firmware
- canonical/cisco rv340w dual wan gigabit wireless-ac vpn router
- canonical/cisco rv345 dual wan gigabit vpn router firmware
- canonical/cisco rv345 dual wan gigabit vpn router
- canonical/cisco rv345p dual wan gigabit poe vpn router firmware
- canonical/cisco rv345p dual wan gigabit poe vpn router