{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20393", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.659Z", "datePublished": "2024-10-02T16:53:04.527Z", "dateUpdated": "2024-10-02T19:58:58.443Z"}, "containers": {"cna": {"title": "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms", "name": "cisco-sa-rv34x-privesc-rce-qE33TCms"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-rv34x-privesc-rce-qE33TCms", "discovery": "EXTERNAL", "defects": ["CSCwm27935"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Authorization", "type": "cwe", "cweId": "CWE-285"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "versions": [{"version": "1.0.01.17", "status": "affected"}, {"version": "1.0.03.17", "status": "affected"}, {"version": "1.0.01.16", "status": "affected"}, {"version": "1.0.01.18", "status": "affected"}, {"version": "1.0.00.29", "status": "affected"}, {"version": "1.0.03.16", "status": "affected"}, {"version": "1.0.03.15", "status": "affected"}, {"version": "1.0.02.16", "status": "affected"}, {"version": "1.0.01.20", "status": "affected"}, {"version": "1.0.00.33", "status": "affected"}, {"version": "1.0.03.18", "status": "affected"}, {"version": "1.0.03.19", "status": "affected"}, {"version": "1.0.03.20", "status": "affected"}, {"version": "1.0.03.21", "status": "affected"}, {"version": "1.0.03.22", "status": "affected"}, {"version": "1.0.03.24", "status": "affected"}, {"version": "1.0.03.26", "status": "affected"}, {"version": "1.0.03.27", "status": "affected"}, {"version": "1.0.03.28", "status": "affected"}, {"version": "1.0.03.29", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-10-02T16:53:04.527Z"}}, "adp": [{"affected": [{"vendor": "cisco", "product": "small_business_rv_series_router_firmware", "cpes": ["cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.01.17", "status": "affected"}, {"version": "1.0.03.17", "status": "affected"}, {"version": "1.0.01.16", "status": "affected"}, {"version": "1.0.01.18", "status": "affected"}, {"version": "1.0.00.29", "status": "affected"}, {"version": "1.0.03.16", "status": "affected"}, {"version": "1.0.03.15", "status": "affected"}, {"version": "1.0.02.16", "status": "affected"}, {"version": "1.0.01.20", "status": "affected"}, {"version": "1.0.00.33", "status": "affected"}, {"version": "1.0.03.18", "status": "affected"}, {"version": "1.0.03.19", "status": "affected"}, {"version": "1.0.03.20", "status": "affected"}, {"version": "1.0.03.21", "status": "affected"}, {"version": "1.0.03.22", "status": "affected"}, {"version": "1.0.03.24", "status": "affected"}, {"version": "1.0.03.26", "status": "affected"}, {"version": "1.0.03.27", "status": "affected"}, {"version": "1.0.03.28", "status": "affected"}, {"version": "1.0.03.29", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T19:02:15.620891Z", "id": "CVE-2024-20393", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T19:58:58.443Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20393", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-02T19:02:15.620891Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "small_business_rv_series_router_firmware", "versions": [{"status": "affected", "version": "1.0.01.17"}, {"status": "affected", "version": "1.0.03.17"}, {"status": "affected", "version": "1.0.01.16"}, {"status": "affected", "version": "1.0.01.18"}, {"status": "affected", "version": "1.0.00.29"}, {"status": "affected", "version": "1.0.03.16"}, {"status": "affected", "version": "1.0.03.15"}, {"status": "affected", "version": "1.0.02.16"}, {"status": "affected", "version": "1.0.01.20"}, {"status": "affected", "version": "1.0.00.33"}, {"status": "affected", "version": "1.0.03.18"}, {"status": "affected", "version": "1.0.03.19"}, {"status": "affected", "version": "1.0.03.20"}, {"status": "affected", "version": "1.0.03.21"}, {"status": "affected", "version": "1.0.03.22"}, {"status": "affected", "version": "1.0.03.24"}, {"status": "affected", "version": "1.0.03.26"}, {"status": "affected", "version": "1.0.03.27"}, {"status": "affected", "version": "1.0.03.28"}, {"status": "affected", "version": "1.0.03.29"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T19:57:11.915Z"}}], "cna": {"title": "Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability", "source": {"defects": ["CSCwm27935"], "advisory": "cisco-sa-rv34x-privesc-rce-qE33TCms", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Small Business RV Series Router Firmware", "versions": [{"status": "affected", "version": "1.0.01.17"}, {"status": "affected", "version": "1.0.03.17"}, {"status": "affected", "version": "1.0.01.16"}, {"status": "affected", "version": "1.0.01.18"}, {"status": "affected", "version": "1.0.00.29"}, {"status": "affected", "version": "1.0.03.16"}, {"status": "affected", "version": "1.0.03.15"}, {"status": "affected", "version": "1.0.02.16"}, {"status": "affected", "version": "1.0.01.20"}, {"status": "affected", "version": "1.0.00.33"}, {"status": "affected", "version": "1.0.03.18"}, {"status": "affected", "version": "1.0.03.19"}, {"status": "affected", "version": "1.0.03.20"}, {"status": "affected", "version": "1.0.03.21"}, {"status": "affected", "version": "1.0.03.22"}, {"status": "affected", "version": "1.0.03.24"}, {"status": "affected", "version": "1.0.03.26"}, {"status": "affected", "version": "1.0.03.27"}, {"status": "affected", "version": "1.0.03.28"}, {"status": "affected", "version": "1.0.03.29"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms", "name": "cisco-sa-rv34x-privesc-rce-qE33TCms"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-285", "description": "Improper Authorization"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-10-02T16:53:04.527Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20393", "state": "PUBLISHED", "dateUpdated": "2024-10-02T19:58:58.443Z", "dateReserved": "2023-11-08T15:08:07.659Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-10-02T16:53:04.527Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*", "matchCriteriaId": "EBAD013E-3550-4157-B52A-F045DEFB0810", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*", "matchCriteriaId": "566AF5EF-B7BD-4F4A-9D5E-82588207C80E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*", "matchCriteriaId": "C0B4BB7F-FE4B-404D-9977-AAA3D492634B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*", "matchCriteriaId": "F6BCBFF6-9A31-48BD-B93D-598564A3BB30", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*", "matchCriteriaId": "DB20575D-3E22-49CA-91DE-CBACF2146D3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*", "matchCriteriaId": "8836DC95-1076-4CC4-8A6C-34F3ACCA312A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*", "matchCriteriaId": "45488336-CAF5-4F15-BB6E-5BEBD87A4F97", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*", "matchCriteriaId": "BB498AAC-2FAC-4FCC-B644-1180627A5D1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*", "matchCriteriaId": "744B76F8-1276-42ED-8913-5FC9E11F2F2E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*", "matchCriteriaId": "1A4D7663-50E6-45B1-8701-2DF2D7F744AB", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*", "matchCriteriaId": "C0E4341D-9FD4-4AAD-A5BE-35B0909A8FE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*", "matchCriteriaId": "33A1EFF8-024B-46F6-A7E3-FCC593314B1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*", "matchCriteriaId": "D0D4C611-38FD-4BF1-B478-03F01283EAC5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*", "matchCriteriaId": "4788385E-133A-4908-97A0-135403424DA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*", "matchCriteriaId": "150DE44A-A558-4C15-8028-C301259E5ABF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*", "matchCriteriaId": "3B5E8D98-570C-49A1-9934-45BBCD02AB6A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*", "matchCriteriaId": "6D9FF79A-BEE5-4204-B2C5-E0943DCD7773", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*", "matchCriteriaId": "F15F5D4D-A256-4A2E-9873-F0514F81CA77", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*", "matchCriteriaId": "9ACFBF35-E5B2-4807-AC7D-E3021EAAEE94", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340_dual_wan_gigabit_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*", "matchCriteriaId": "EA1379E9-D147-48F4-AE3A-860B49EFA497", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv340_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6822600-E716-4F22-AF34-AD2914D6C128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*", "matchCriteriaId": "5BC16280-4809-4B2C-825C-76A99392F95F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*", "matchCriteriaId": "9A112271-F32C-49F5-B6DA-4DDBBB146106", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*", "matchCriteriaId": "133E4C64-B9C8-4B65-927D-39B7BDF89AC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*", "matchCriteriaId": "ACD9ECA7-1DC4-4122-9D02-B258A62A2FA9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*", "matchCriteriaId": "53A19846-F451-4578-A25B-F3777BE90C35", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*", "matchCriteriaId": "A69964DE-67E6-4B1C-B3D2-C9177A891C40", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*", "matchCriteriaId": "FB3346A2-D0FB-4AE7-87C0-793DE49D555B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*", "matchCriteriaId": "40B366BB-EC50-4C1A-ACFA-61C86714FE1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*", "matchCriteriaId": "29C253B5-DAAD-45F0-8A45-B6F44FC74DAD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*", "matchCriteriaId": "4893D744-9041-4C89-A33C-8BB989B3FDFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*", "matchCriteriaId": "2AB31F2B-3A74-45DD-B21E-A698E321BA6B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*", "matchCriteriaId": "CCE2B1CD-E350-4C5D-BAA6-17138A8343F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*", "matchCriteriaId": "03FFDBF2-939C-46A3-BA90-6DED64474338", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*", "matchCriteriaId": "426C4FDC-AAF3-4726-80D0-7C48B06A7E65", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*", "matchCriteriaId": "E08A813B-630D-4EF4-812B-9E81A48A1DC7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*", "matchCriteriaId": "F27B5644-BA7B-4442-A539-337F93238479", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*", "matchCriteriaId": "9504523A-37F0-417A-99B4-CABE21E5E744", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*", "matchCriteriaId": "BE54D030-093B-4267-8169-C2DCF72605D3", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*", "matchCriteriaId": "D70E0828-1150-44FD-82C2-C441A3ACF644", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*", "matchCriteriaId": "F1C0171B-4C5D-4C15-84DD-E556C5AFDCBA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv340w_dual_wan_gigabit_wireless-ac_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7E29320-5668-4F48-9BA1-DC81B256320B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*", "matchCriteriaId": "85C44874-31B8-4872-9973-4444D15B09B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*", "matchCriteriaId": "005FADE6-BF4F-416A-965A-46BF5F6C6D0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*", "matchCriteriaId": "0F78C801-EC2A-4B28-9ED1-A30E3589C3F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*", "matchCriteriaId": "2218EEEA-BB4D-4343-BB9F-3C01EA473342", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*", "matchCriteriaId": "609583B2-4D32-4E76-AA9B-DA24A1BAFB16", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*", "matchCriteriaId": "59D15056-B04A-40F1-A6D4-66A91FCE5A75", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*", "matchCriteriaId": "217B02B2-B4E6-40E7-993C-238D7FBEBFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*", "matchCriteriaId": "5659BD61-EE0C-49BF-8484-034A58BA32E2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*", "matchCriteriaId": "3B9B65AE-D6EF-4A2E-9C2D-D96E64506080", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*", "matchCriteriaId": "383D6202-4215-46F5-9AA8-F7348997B99A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*", "matchCriteriaId": "55939AC6-77E2-43E6-956C-B0B99CEAB315", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*", "matchCriteriaId": "2385BD9B-80C6-4E54-A4A9-EEA724E58FE0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*", "matchCriteriaId": "64CA692C-2D66-483B-A440-746A998CED07", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*", "matchCriteriaId": "1D4AEE39-5EE2-43C7-80DC-B078A9953D4F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*", "matchCriteriaId": "85FA6AFD-7A8E-4505-8E4F-3A06199E6697", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*", "matchCriteriaId": "36FE60B1-EE9F-4034-9612-482E2EECFBEA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*", "matchCriteriaId": "DCCD1FC1-6029-4DDC-898C-169E429D1FA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*", "matchCriteriaId": "1C1E99B3-ACEA-48C1-A649-497D5960F215", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*", "matchCriteriaId": "53A69806-3B9F-46E5-877B-9477E3AF0A34", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345_dual_wan_gigabit_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*", "matchCriteriaId": "95D01F5A-1CC5-4C52-AB70-5DF41588EF98", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv345_dual_wan_gigabit_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DF1ED87-3FDB-42CA-AA96-508B5F7B9206", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.00.29:*:*:*:*:*:*:*", "matchCriteriaId": "D2812299-2A3C-49AA-9E81-BE4AA50F0D8A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.00.33:*:*:*:*:*:*:*", "matchCriteriaId": "20569E42-E769-401B-8163-3981C7905943", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.16:*:*:*:*:*:*:*", "matchCriteriaId": "105566D1-80A2-4545-9BF9-B3382162CA48", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.17:*:*:*:*:*:*:*", "matchCriteriaId": "A468D852-CA7F-4561-9F0E-DB6A056A5F31", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.18:*:*:*:*:*:*:*", "matchCriteriaId": "C72F80EF-787D-4A5E-9B03-5215AD400571", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.01.20:*:*:*:*:*:*:*", "matchCriteriaId": "66D7C66E-AF9E-4419-B6CE-3489DC19212E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.02.16:*:*:*:*:*:*:*", "matchCriteriaId": "041D9323-A320-4492-BAC7-4E0B06FF56E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D047F9E-7BCE-4F7E-B334-426F46CFCE66", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.16:*:*:*:*:*:*:*", "matchCriteriaId": "77E8D977-F28F-46D9-8DA2-7A1746F4278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.17:*:*:*:*:*:*:*", "matchCriteriaId": "A87D53D4-AF6F-4E5C-A7A4-099294029C59", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.18:*:*:*:*:*:*:*", "matchCriteriaId": "42672D7D-5265-4323-A284-F36722F7C36A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.19:*:*:*:*:*:*:*", "matchCriteriaId": "A71CFA39-CF25-4B37-855A-7816770633ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.20:*:*:*:*:*:*:*", "matchCriteriaId": "2649FFCF-D9E1-466A-A7ED-4A2653259A3E", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.21:*:*:*:*:*:*:*", "matchCriteriaId": "743D74FF-2334-4C16-BDDD-FDFD4EEBF9EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.22:*:*:*:*:*:*:*", "matchCriteriaId": "29AF1721-2676-4FDA-97E0-55E53A03AC16", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.24:*:*:*:*:*:*:*", "matchCriteriaId": "C3005E36-D17A-498B-9BF4-1D972FA03553", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.26:*:*:*:*:*:*:*", "matchCriteriaId": "EFD115E4-53C8-4E3C-9024-4AE5F1F5DFB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.27:*:*:*:*:*:*:*", "matchCriteriaId": "1D0231F8-CC96-4F02-9737-654FECFCF624", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.28:*:*:*:*:*:*:*", "matchCriteriaId": "9C600D9E-4DDF-45A2-8760-749F0FB06513", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:rv345p_dual_wan_gigabit_poe_vpn_router_firmware:1.0.03.29:*:*:*:*:*:*:*", "matchCriteriaId": "B675841D-7591-492F-BCF0-E63D416C7F1E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv345p_dual_wan_gigabit_poe_vpn_router:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF972452-70D7-4026-A326-ACDD7446DD9B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability exists because the web-based management interface discloses sensitive information. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow an attacker to elevate privileges from guest to admin."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de los enrutadores VPN Gigabit de doble WAN Cisco Small Business RV340, RV340W, RV345 y RV345P podr\u00eda permitir que un atacante remoto autenticado eleve los privilegios en un dispositivo afectado. Esta vulnerabilidad existe porque la interfaz de administraci\u00f3n basada en web revela informaci\u00f3n confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una entrada HTTP manipulada a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante eleve los privilegios de invitado a administrador."}], "id": "CVE-2024-20393", "lastModified": "2024-10-08T14:37:39.713", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-10-02T17:15:15.337", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-285"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}