Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20416

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-17 Jul, 2024 | 16:29
Updated At-01 Aug, 2024 | 21:59
Rejected At-
Credits

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:17 Jul, 2024 | 16:29
Updated At:01 Aug, 2024 | 21:59
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Small Business RV Series Router Firmware
Versions
Affected
  • N/A
Problem Types
TypeCWE IDDescription
cweCWE-130Improper Handling of Length Parameter Inconsistency
Type: cwe
CWE ID: CWE-130
Description: Improper Handling of Length Parameter Inconsistency
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Cisco Systems, Inc.cisco
Product
rv340_dual_wan_gigabit_vpn_router_firmware
CPEs
  • cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 1.0.03.24 through * (custom)
Vendor
Cisco Systems, Inc.cisco
Product
rv345_dual_wan_gigabit_vpn_router_firmware
CPEs
  • cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 1.0.03.24 through * (custom)
Vendor
Cisco Systems, Inc.cisco
Product
rv345p_dual_wan_gigabit_poe_vpn_router_firmware
CPEs
  • cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 1.0.03.24 through * (custom)
Vendor
Cisco Systems, Inc.cisco
Product
rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware
CPEs
  • cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 1.0.03.24 through * (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e
x_transferred
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:ykramarz@cisco.com
Published At:17 Jul, 2024 | 17:15
Updated At:18 Jul, 2024 | 12:28

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-130Secondaryykramarz@cisco.com
CWE ID: CWE-130
Type: Secondary
Source: ykramarz@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2eykramarz@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e
Source: ykramarz@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2021-1385
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.41% / 60.75%
||
7 Day CHG~0.00%
Published-24 Mar, 2021 | 20:07
Updated-08 Nov, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOx Application Environment Path Traversal Vulnerability

A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticated, remote attacker to conduct directory traversal attacks and read and write files on the underlying operating system or host system. This vulnerability occurs because the device does not properly validate URIs in IOx API requests. An attacker could exploit this vulnerability by sending a crafted API request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the underlying operating system.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xeiosCisco IOS
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-20478
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.83%
||
7 Day CHG~0.00%
Published-28 Aug, 2024 | 16:30
Updated-01 Aug, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Application Policy Infrastructure Controller App Privilege Escalation Vulnerability

A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-application_policy_infrastructure_controllerCisco Application Policy Infrastructure Controller (APIC)application_policy_infrastructure_controller
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2022-20690
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 13.51%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 16:56
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-20870
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.15% / 36.13%
||
7 Day CHG~0.00%
Published-10 Oct, 2022 | 20:43
Updated-01 Nov, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software for Catalyst Switches MPLS Denial of Service Vulnerability

A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-catalyst_3650-24ps-scatalyst_3850catalyst_3650catalyst_3850-32xs-ecatalyst_3850-12xs-scatalyst_3850-24s-ecatalyst_9300l-48p-4g-ecatalyst_9300l-48t-4g-ecatalyst_9500hcatalyst_3850-24p-scatalyst_3650-12x48urcatalyst_3650-24pdm-lcatalyst_3850-16xs-scatalyst_c9600-lc-48txcatalyst_3850-48pw-scatalyst_9300l-24t-4x-acatalyst_3850-24ucatalyst_9300-48un-ecatalyst_c9500-16xcatalyst_9300-48p-acatalyst_9300-24s-acatalyst_3650-24ts-ecatalyst_3650-24ps-lcatalyst_9300l-24p-4g-ecatalyst_c9500-40x-acatalyst_9300l-48t-4x-acatalyst_3650-48td-scatalyst_c9600-lc-48scatalyst_3650-24pdmcatalyst_3650-8x24pd-scatalyst_3850-48u-lcatalyst_3650-48ts-lcatalyst_3650-48tq-ecatalyst_3850-nm-2-40gcatalyst_c9500-24y4ccatalyst_3650-8x24uq-lcatalyst_9300lmcatalyst_3650-48fd-lcatalyst_3650-48fs-lcatalyst_3650-48pq-ecatalyst_3650-48fs-ecatalyst_3650-24pd-lcatalyst_3650-24pd-scatalyst_3650-24td-lcatalyst_3650-24ts-lcatalyst_9300-24t-ecatalyst_3650-12x48uzcatalyst_9300l-24t-4g-ecatalyst_c9500-12q-ecatalyst_3850-48xscatalyst_3650-12x48uqcatalyst_3650-48fd-scatalyst_3650-48fs-scatalyst_3850-48t-scatalyst_9300-48p-ecatalyst_3650-48pq-lcatalyst_3850-24pw-scatalyst_3850-24t-scatalyst_3650-8x24pd-ecatalyst_3850-24t-lcatalyst_3850-48u-ecatalyst_9300-48t-ecatalyst_c9600-lc-24ccatalyst_3850-24xu-ecatalyst_c9500-12q-acatalyst_3650-12x48uq-ecatalyst_9300l-48p-4g-acatalyst_3650-24td-scatalyst_3650-48pd-lcatalyst_3650-8x24uqcatalyst_9600catalyst_3850-48u-scatalyst_9300l-48t-4g-acatalyst_3850-16xs-ecatalyst_3650-48tq-scatalyst_3650-24pdm-scatalyst_3850-24xucatalyst_9300-48uxm-ecatalyst_3850-48p-ecatalyst_3650-12x48ur-ecatalyst_9300l-48p-4x-ecatalyst_9400catalyst_3650-48fqm-scatalyst_3850-48t-lcatalyst_3650-48fd-ecatalyst_3650-12x48fd-scatalyst_c3850-12x48u-ecatalyst_3650-12x48uq-lcatalyst_9300l-48p-4x-acatalyst_3650-48fq-ecatalyst_9300-24s-ecatalyst_3650-8x24uq-scatalyst_9300-48u-ecatalyst_3650-48tq-lcatalyst_9300-48u-acatalyst_9300-48s-acatalyst_3650-12x48fd-lcatalyst_c9500-40xcatalyst_3650-48fq-scatalyst_3850-24p-ecatalyst_3850-48xs-f-scatalyst_9300-24t-acatalyst_9300l-24p-4x-acatalyst_9300catalyst_c9500-16x-acatalyst_3850-48t-ecatalyst_3650-48pq-scatalyst_3850-24xu-scatalyst_3650-48fqmcatalyst_c9500-40x-ecatalyst_3650-48td-lcatalyst_c3850-12x48u-scatalyst_3650-48fqm-lcatalyst_3850-24xs-ecatalyst_3850-12s-scatalyst_3650-8x24uq-ecatalyst_3850-24u-lcatalyst_c9500-24q-ecatalyst_9300l-24t-4g-acatalyst_3850-48f-scatalyst_3650-12x48ur-lcatalyst_3850-24u-scatalyst_c3850-12x48u-lcatalyst_9300l-24t-4x-ecatalyst_3650-24pdcatalyst_c9600-lc-48ylcatalyst_3850-48f-ecatalyst_c9500-12qcatalyst_3650-12x48uz-scatalyst_c9500-24qcatalyst_9300l-24p-4g-acatalyst_9300-48uxm-acatalyst_9300l-24p-4x-ecatalyst_9300-24ux-acatalyst_9300-24p-acatalyst_3850-32xs-scatalyst_3650-48ps-lcatalyst_9500catalyst_3650-12x48fd-ecatalyst_3850-48f-lcatalyst_3850-24xu-lcatalyst_3850-48xs-ecatalyst_3850-24s-scatalyst_3650-24td-ecatalyst_9300-48s-ecatalyst_3650-48td-ecatalyst_9300-24u-acatalyst_3850-48ucatalyst_3650-8x24pd-lcatalyst_c9500-32ccatalyst_3650-48fqcatalyst_9300lcatalyst_3650-48fq-lcatalyst_3650-12x48uz-ecatalyst_3650-12x48uq-scatalyst_9300-24u-ecatalyst_c9500-32qccatalyst_3650-12x48ur-scatalyst_3850-48p-scatalyst_3850-12x48ucatalyst_9300xcatalyst_3650-48pd-scatalyst_9300-48un-acatalyst_3650-24pd-ecatalyst_3650-12x48uz-lcatalyst_9300-24p-ecatalyst_3850-48xs-f-ecatalyst_9300-48t-acatalyst_c9500-16x-ecatalyst_9300l-48t-4x-ecatalyst_3850-12s-ecatalyst_3850-24p-lcatalyst_3850-24t-ecatalyst_3850-24xscatalyst_3650-24ts-scatalyst_3650-24ps-ecatalyst_3850-24xs-scatalyst_3650-48ps-scatalyst_3650-48fqm-ecatalyst_3650-48pd-ecatalyst_3650-24pdm-ecatalyst_3850-24u-ecatalyst_3850-48xs-sios_xecatalyst_3650-48ts-ecatalyst_3850-48p-lcatalyst_c9500-24q-acatalyst_c9500-48y4ccatalyst_3850-nm-8-10gcatalyst_3650-48ts-scatalyst_3650-48ps-ecatalyst_9300-24ux-ecatalyst_3850-12xs-eCisco IOS XE Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2022-20686
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.54%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 16:53
Updated-03 Aug, 2024 | 02:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device and cause the LLDP service to restart. These vulnerabilities are due to missing length validation of certain LLDP packet header fields. An attacker could exploit these vulnerabilities by sending a malicious LLDP packet to an affected device. A successful exploit could allow the attacker to execute code on the affected device and cause LLDP to restart unexpectedly, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-20689
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.12%
||
7 Day CHG~0.00%
Published-07 Dec, 2022 | 16:54
Updated-01 Nov, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, adjacent attacker to cause Cisco Discovery Protocol memory corruption on an affected device. These vulnerabilities are due to missing length validation checks when processing Cisco Discovery Protocol messages. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read of the valid Cisco Discovery Protocol packet data, which could allow the attacker to cause corruption in the internal Cisco Discovery Protocol database of the affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_190ata_190_firmwareata_191_firmwareata_191ata_192Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
  • Previous
  • 1
  • 2
  • Next
Details not found