Cisco fixes RCE Vulnerability in its Routers - CVE-2024-20416


Cisco has released a patch for a vulnerability in their RV340 and RV345 Dual WAN Gigabit VPN routers that could allow an authenticated attacker to remotely execute arbitrary code on affected devices.

The vulnerability, tracked as CVE-2024-20416 with a CVSS score of 6.5, stems from insufficient boundary checks when processing specific HTTP requests and could give an attacker extensive control over the router’s underlying operating system.

Cisco has announced it will not release software updates to address it, as the affected router models have reached end-of-life status. The following Cisco products are impacted by this vulnerability if they are running Cisco Small Business Router Firmware Release 1.0.03.24 or later:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit PoE VPN Routers

Cisco has confirmed that there are no workarounds to mitigate this vulnerability. Since there is no software fix available, the only recommended course of action is to replace the affected routers with newer, supported models.
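To turn the affected-product list and the firmware threshold above into an inventory check, here is an added example (not Cisco's code or the article's): it parses firmware versions numerically rather than lexically and flags the RV34x devices that need replacing. The inventory rows are constructed sample data.

```python
"""Flag RV34x routers in an inventory that run an affected firmware.

Added example, not from Cisco or the article. The inventory rows are
constructed sample data; the model list and the "1.0.03.24 or later"
threshold come from the advisory text above.
"""
from dataclasses import dataclass

AFFECTED_MODELS = {"RV340", "RV340W", "RV345", "RV345P"}
AFFECTED_FROM = "1.0.03.24"


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '1.0.03.24' into (1, 0, 3, 24) so comparison is numeric, not lexical."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(model: str, firmware: str) -> bool:
    """True when the model is in the advisory's list and firmware >= 1.0.03.24."""
    if model.upper() not in AFFECTED_MODELS:
        return False
    return parse_version(firmware) >= parse_version(AFFECTED_FROM)


@dataclass(frozen=True)
class Device:
    hostname: str
    model: str
    firmware: str


def affected_devices(inventory: list[Device]) -> list[str]:
    """Return hostnames that need replacing (no fix or workaround is available)."""
    return [d.hostname for d in inventory if is_affected(d.model, d.firmware)]


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    Device("branch-a-gw", "RV340", "1.0.03.26"),
    Device("branch-b-gw", "RV345P", "1.0.03.24"),
    Device("branch-c-gw", "RV345", "1.0.03.20"),   # older than the threshold
    Device("branch-d-gw", "RV320", "1.5.1.13"),    # not an RV34x model
]

if __name__ == "__main__":
    for host in affected_devices(SAMPLE_INVENTORY):
        print(f"{host}: affected by CVE-2024-20416, plan replacement")
```

Feed it the model and firmware strings exported from your own device inventory; any hostname it returns has no patch or workaround and belongs on the replacement list.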

While Cisco PSIRT is not currently aware of any public exploits or malicious use of the vulnerability, the lack of a patch underscores the urgency for users to take action.
