HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2020-3358

CVSS 8.6v3.1pub. 2020-07-16upd. 2024-11-21

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • Cisco Rv340 Dual Wan Gigabit Vpn Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv340 Dual Wan Gigabit Vpn Router Firmware

    OS
    Cisco
    < 1.0.03.18
  • Cisco Rv340w Dual Wan Gigabit Wireless Ac Vpn Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware

    OS
    Cisco
    < 1.0.03.18
  • Cisco Rv345 Dual Wan Gigabit Vpn Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv345 Dual Wan Gigabit Vpn Router Firmware

    OS
    Cisco
    < 1.0.03.18
  • Cisco Rv345p Dual Wan Gigabit Poe Vpn Router

    HW
    Cisco
    wszystkie wersje
  • Cisco Rv345p Dual Wan Gigabit Poe Vpn Router Firmware

    OS
    Cisco
    < 1.0.03.18
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoSVPN
CWE
References

Related vulnerabilities

CVE-2020-3357CRITICAL9.8ten sam produkt

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, an...

CVE-2024-20393HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P...

CVE-2024-20470HIGH7.2ten sam produkt

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P...

CVE-2026-20182CRITICAL10.0⚠ KEVPL ✓ten sam vendor

Cisco Catalyst SD-WAN — pominięcie uwierzytelnienia z dostępem administracyjnym

CVE-2026-20131CRITICAL10.0⚠ KEVPL ✓ten sam vendor

RCE przez insecure deserialization w Cisco Secure Firewall Management Center