Cisco VPN Routers Flaw Let Attackers Execute Remote Code


Cisco recently disclosed that its RV340 and RV345 Dual WAN Gigabit VPN Routers have a significant flaw in the upload module. This flaw could allow a remote, authenticated attacker to run arbitrary code on an impacted device.

With a CVSS base score of 6.5, this medium-severity vulnerability is tracked as CVE-2024-20416. It stems from insufficient boundary checks when processing specified HTTP requests.

EHA

“An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device,” Cisco said.

If the exploit is successful, the attacker might be able to run arbitrary code as the root user on the device’s underlying operating system. Jacob Baines of VulnCheck, Inc., has discovered this vulnerability.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Vulnerable Products

Those using Cisco Small Business Router Firmware Release 1.0.03.24 or later were susceptible to this vulnerability as of the time of publication:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit PoE VPN Routers

Cisco confirms that the following Cisco products are unaffected by this vulnerability:

  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers

Cisco stated that it is unaware of any malicious vulnerability exploitation or public announcements.

Fixes For The Vulnerability

Software patches to fix the vulnerability have not been released by Cisco and will not be released by them.

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers have reached the end-of-life process. There are no workarounds for this vulnerability.

Customers are recommended to periodically review the advisories for Cisco products, accessed through the Cisco Security Advisories page when considering a device migration to identify exposure and a comprehensive update solution.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.



Source link