CVE-2020-3358 - OpenCVE

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to the targeted device. A successful exploit could allow the attacker to cause a reload, resulting in a DoS condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Rv340 Dual Wan Gigabit Vpn Router Rv340 Dual Wan Gigabit Vpn Router Firmware Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Rv340w Dual Wan Gigabit Wireless-ac Vpn Router Firmware Rv345 Dual Wan Gigabit Vpn Router Rv345 Dual Wan Gigabit Vpn Router Firmware Rv345p Dual Wan Gigabit Poe Vpn Router Rv345p Dual Wan Gigabit Poe Vpn Router Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv340_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv345_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:rv345p_dual_wan_gigabit_poe_vpn_router:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-dos-ZN5GvNH7

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-07-16T17:21:28.529068Z

Updated: 2024-09-16T23:15:47.208Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3358

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-07-16T18:15:18.173

Modified: 2023-11-07T03:22:37.643

Link: CVE-2020-3358

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object