Cisco Bug: CSCvu49391 - Cisco RV340 Buffer Overflow Remote Code Execution Vulnerability

Last Modified

Sep 02, 2020

Products (1)

  • Cisco Small Business RV Series Routers

Known Affected Releases

1.0.3.17

Description (partial)

Symptom:
A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

The vulnerability is due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests that contain overly large values to an affected device, causing a buffer overflow. A successful exploit could allow the attacker to temporarily degrade the performance of the interface process or execute arbitrary code on the underlying OS.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Conditions:
At the time of publication, these vulnerabilities affected the following Cisco Small Business Routers if they were running a firmware release earlier than Release 1.0.03.19:
At the time of publication, Cisco Small Business RV340 Series Routers firmware releases 1.0.03.19 and later contained the fix for these vulnerabilities.
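
An added example, not part of Cisco's bug record: a firmware-release check for the condition above. It compares release components numerically, because the page writes releases both as 1.0.3.17 and as 1.0.03.19 and a plain string comparison would rank 1.0.3.17 as later than the fix. The four-part release format, the hostnames and the inventory are assumptions constructed for illustration.

```python
import re

# First fixed release, taken from the Conditions text; earlier releases are affected.
FIXED_RELEASE = "1.0.03.19"


def parse_release(text):
    """Turn '1.0.03.19' or '1.0.3.17' into a tuple of ints such as (1, 0, 3, 19)."""
    text = text.strip()
    # Assumption: releases always have four dot-separated numeric components.
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        raise ValueError(f"unrecognized firmware release: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_affected(release, fixed=FIXED_RELEASE):
    """True when the release is earlier than the first fixed release."""
    return parse_release(release) < parse_release(fixed)


def triage(inventory):
    """Split (hostname, release) pairs into affected, fixed and unknown lists."""
    result = {"affected": [], "fixed": [], "unknown": []}
    for host, release in inventory:
        try:
            key = "affected" if is_affected(release) else "fixed"
        except ValueError:
            # Keep unparsable entries visible instead of silently passing them.
            key = "unknown"
        result[key].append(host)
    return result


# Constructed sample inventory; hostnames and the 1.0.03.20 entry are made up.
SAMPLE_INVENTORY = [
    ("rv340-branch-a", "1.0.3.17"),
    ("rv340-branch-b", "1.0.03.19"),
    ("rv340-branch-c", "1.0.03.20"),
    ("rv340-branch-d", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```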