0X00String

Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV340 Series Routers (affected versions not specified) Description: The issue is related to a buffer overflow in the memory of the web-based management interface of Cisco Small Business RV340 Series Routers. This could allow a remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need to have administrative credentials to exploit this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV340 versions Cisco Small Business RV340W versions Cisco Small Business RV345 versions Cisco Small Business RV345P versions **Description** The issue exists due to insufficient validation of HTTP requests in the Secure Sockets Layer (SSL) VPN feature. This could allow a remote attacker to execute arbitrary code on an affected device or cause it to reload, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a crafted HTTP request over an SSL connection. **Recommendations** For Cisco Small Business RV340, update the firmware to a version that fixes the vulnerability. For Cisco Small Business RV340W, update the firmware to a version that fixes the vulnerability. For Cisco Small Business RV345, update the firmware to a version that fixes the vulnerability. For Cisco Small Business RV345P, update the firmware to a version that fixes the vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Small Business RV VPN Routers (affected versions not specified) Cisco Small Business RV340 Cisco Small Business RV340W Cisco Small Business RV345 Cisco Small Business RV345P **Description** A vulnerability in the Secure Sockets Layer (SSL) VPN feature could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, resulting in a denial of service (DoS) condition. This issue is due to a lack of proper input validation of HTTP requests. An attacker could exploit this by sending a crafted HTTP request over an SSL connection to the targeted device, causing a reload and resulting in a DoS condition. **Recommendations** For Cisco Small Business RV VPN Routers, consider temporarily disabling the SSL VPN feature until a patch is available. For Cisco Small Business RV340, RV340W, RV345, and RV345P, restrict access to the VPN functionality to minimize the risk of exploitation. As a temporary workaround, consider implementing additional input validation for HTTP requests to prevent crafted requests from causing a device restart. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** CUPS versions prior to 2.0.3 **Description** The issue is related to the `add job` function in the `scheduler/ipp.c` file of the CUPS server, which performs incorrect free operations for multiple-value job-originating-host-name attributes. This allows remote attackers to trigger data corruption for reference-counted strings via crafted IPP requests, such as `IPP CREATE JOB` or `IPP PRINT JOB` requests. The exploitation of this issue can lead to the modification of the device's configuration file or the execution of arbitrary code. **Recommendations** For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `add job` function in the `scheduler/ipp.c` file until a patch is available. Avoid using the `IPP CREATE JOB` and `IPP PRINT JOB` requests in the affected API endpoints until the issue is resolved.