Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities

cisco-sa-rv34x-privesc-rce-qE33TCms · High · Published · Updated

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges and execute arbitrary commands on the underlying operating system of an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Cisco has not released and will not release software updates that address these vulnerabilities because the affected products are past their respective dates for End of Software Maintenance Releases. The Cisco Product Security Incident Response Team (PSIRT) will continue to evaluate and disclose security vulnerabilities that affect these products until they reach their respective Last Dates of Support. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms

Workarounds

There are no workarounds that address these vulnerabilities.

CVEs: CVE-2024-20393, CVE-2024-20470
Cisco Bug IDs: CSCwm27935, CSCwk99655
CVSS Score: Base 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco Small Business RV Series Router Firmware

Related Products

Product | CVE | Evidence
Cisco Small Business RV Series Router Firmware | CVE-2024-20470 | Cisco OpenVuln
Cisco Small Business RV Series Router Firmware | CVE-2024-20393 | Cisco OpenVuln