PT-2020-3118 · Cisco · Cisco Small Business RV VPN Routers +4

0X00String · Published 2020-07-15 · Updated 2021-08-06 · CVE-2020-3358

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Small Business RV VPN Routers (affected versions not specified)
Cisco Small Business RV340
Cisco Small Business RV340W
Cisco Small Business RV345
Cisco Small Business RV345P

Description

A vulnerability in the Secure Sockets Layer (SSL) VPN feature could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, resulting in a denial of service (DoS) condition. This issue is due to a lack of proper input validation of HTTP requests. An attacker could exploit this by sending a crafted HTTP request over an SSL connection to the targeted device, causing a reload and resulting in a DoS condition.

Recommendations

For Cisco Small Business RV VPN Routers, consider temporarily disabling the SSL VPN feature until a patch is available. For Cisco Small Business RV340, RV340W, RV345, and RV345P, restrict access to the VPN functionality to minimize the risk of exploitation. As a temporary workaround, consider implementing additional input validation for HTTP requests to prevent crafted requests from causing a device restart. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-03410
CVE-2020-3358

Affected Products

Cisco Small Business RV VPN Routers
Cisco Small Business RV340
Cisco Small Business RV340W
Cisco Small Business RV345
Cisco Small Business RV345P