Cisco VPN Routers Flaw Let Attackers Execute Remote Code

by Esmeralda McKenzie

Cisco recently disclosed that its RV340 and RV345 Dual WAN Gigabit VPN Routers have a significant flaw in the upload module. This flaw could allow a remote, authenticated attacker to execute arbitrary code on an affected device.

With a CVSS base score of 6.5, this medium-severity vulnerability is tracked as CVE-2024-20416. It stems from insufficient boundary checks when processing specific HTTP requests.

“An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device,” Cisco stated.

If the exploit is successful, the attacker will be able to execute arbitrary code as the root user on the device’s underlying operating system. Jacob Baines of VulnCheck, Inc., discovered this vulnerability.

Susceptible Products

As of the time of publication, the following products were at risk from this vulnerability when running Cisco Small Business Router Firmware Release 1.0.03.24 or later:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit PoE VPN Routers

Cisco confirms that the following Cisco products are unaffected by this vulnerability:

  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers

Cisco stated that it is not aware of any public announcements or malicious exploitation of the vulnerability.

Fixes For The Vulnerability

Software patches to fix the vulnerability have not been released by Cisco and will not be released.

Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers have entered the end-of-life process. There are no workarounds for this vulnerability.

Customers are advised to periodically review the advisories for Cisco products, available from the Cisco Security Advisories page, when considering a device migration, to determine exposure and a complete upgrade solution.

Source credit : cybersecuritynews.com
