Cisco Small Business Routers Vulnerable to Elevated Privileges Exploit

CVE-2024-20393

8.8HIGH

Key Information

Vendor
Cisco
Status
Cisco Small Business Rv Series Router Firmware
Vendor
CVE Published:
2 October 2024

Badges

đź‘ľ Exploit Existsđź“° News Worthy

Summary

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.

This vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin.

Affected Version(s)

Cisco Small Business RV Series Router Firmware = 1.0.01.17

Cisco Small Business RV Series Router Firmware = 1.0.03.17

Cisco Small Business RV Series Router Firmware = 1.0.01.16

News Articles

CVE-2024-20393 Description, Impact and Technical Details

CVE-2024-20393 is a vulnerability affecting Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which allows an authen…

3 months ago

Refferences

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • First article discovered by Recorded Future

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database1 News Article(s)
.