CVE-2024-20520

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 2, 2024
Updated: Oct 8, 2024
CWE ID 787
CWE ID 121

Summary

CVE-2024-20520 is a vulnerability affecting Cisco Small Business RV042, RV042G, RV320, and RV325 routers, which allows an authenticated Administrator-level attacker to execute arbitrary code as the root user through the web-based management interface. This issue stems from improper validation of user-supplied input, enabling exploitation via crafted HTTP requests. The vulnerability requires valid Administrator credentials for exploitation and poses a medium-severity threat with high impacts on confidentiality and integrity. Organizations are advised to remediate this vulnerability by applying patches provided by Cisco, as outlined in their security advisory. Failure to address this vulnerability could lead to significant security breaches and unauthorized access to sensitive data within affected systems.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share