Cisco Bug: CSCvu49391 - Cisco RV340 Buffer Overflow Remote Code Execution Vulnerability
Sep 02, 2020
- Cisco Small Business RV Series Routers
Known Affected Releases
Symptom: A vulnerability in the web-based management interface of Cisco Small Business RV340 Series Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker could exploit this vulnerability by sending crafted requests that contain overly large values to an affected device, causing a buffer overflow. A successful exploit could allow the attacker to temporarily degrade the performance of the interface process or execute arbitrary code on the underlying OS.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv

Conditions: At the time of publication, these vulnerabilities affected the following Cisco Small Business Routers if they were running a firmware release earlier than Release 1.0.03.19:

At the time of publication, Cisco Small Business RV340 Series Routers firmware releases 1.0.03.19 and later contained the fix for these vulnerabilities.