Description

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.

INFO

Published Date :

2024-10-02T16:53:04.527Z

Last Modified :

2024-10-02T19:58:58.443Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2024-20393 vulnerability.

Vendors Products
Cisco
  • Rv340 Dual Wan Gigabit Vpn Router
  • Rv340 Dual Wan Gigabit Vpn Router Firmware
  • Rv340w Dual Wan Gigabit Wireless-ac Vpn Router
  • Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Firmware
  • Rv345 Dual Wan Gigabit Vpn Router
  • Rv345 Dual Wan Gigabit Vpn Router Firmware
  • Rv345p Dual Wan Gigabit Poe Vpn Router
  • Rv345p Dual Wan Gigabit Poe Vpn Router Firmware
  • Small Business Rv Series Router Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-20393.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact