Cisco Small Business Routers Vulnerable to Elevated Privileges Exploit
CVE-2024-20393

8.8 HIGH

Key Information:

Vendor: Cisco
CVE Published: 2 October 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in the web-based management interface of Cisco Small Business RV340 series routers that could allow an authenticated remote attacker to elevate their privileges. The vulnerability arises because the interface inadvertently exposes sensitive information. By sending crafted HTTP input to an affected device, an attacker could exploit this weakness to elevate their access from guest to administrator level. Users of these routers should remain vigilant and apply recommended security measures to mitigate this threat.

Affected Version(s)

Cisco Small Business RV Series Router Firmware 1.0.01.17

Cisco Small Business RV Series Router Firmware 1.0.03.17

Cisco Small Business RV Series Router Firmware 1.0.01.16

News Articles

CVE-2024-20393 Description, Impact and Technical Details

CVE-2024-20393 is a vulnerability affecting Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, which allows an authen…

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Recorded Future

  • Vulnerability published

  • Vulnerability Reserved
