CVE-2020-3357
📋 TL;DR
This critical vulnerability in Cisco Small Business VPN routers allows unauthenticated remote attackers to execute arbitrary code or cause denial of service by sending specially crafted HTTP requests over SSL connections. Affected devices include RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
💻 Affected Systems
- Cisco RV340
- Cisco RV340W
- Cisco RV345
- Cisco RV345P
📦 What is this software?
RV340 Dual WAN Gigabit VPN Router Firmware by Cisco
RV340W Dual WAN Gigabit Wireless AC VPN Router Firmware by Cisco
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise, allowing an attacker to install persistent backdoors, steal credentials, pivot to internal networks, or permanently disable the device.
Likely Case
Remote code execution leading to device compromise and potential lateral movement within the network, or denial of service disrupting VPN and routing services.
If Mitigated
If the device is properly patched or the workarounds are implemented, there is no impact beyond potential temporary service disruption during patching.
🎯 Exploit Status
Exploitation requires no authentication and involves sending crafted HTTP requests, making this easily weaponizable for botnets and automated attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: RV340/RV340W: 1.0.03.20 or later; RV345/RV345P: 1.0.03.20 or later
Vendor Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rce-dos-9ZAjkx4
Restart Required: Yes
Instructions:
1. Log into router web interface.
2. Navigate to Administration > Firmware Upgrade.
3. Download latest firmware from Cisco website.
4. Upload and install firmware.
5. Reboot device after installation completes.
🔧 Temporary Workarounds
Disable SSL VPN
Temporarily disable SSL VPN feature if immediate patching isn't possible
Navigate to VPN > SSL VPN > Server Settings and disable SSL VPN server
Restrict Access
Limit access to VPN interface using firewall rules
Configure firewall to restrict access to VPN ports (typically TCP 443) to trusted IP addresses only
🧯 If You Can't Patch
- Isolate affected devices in network segments with strict firewall rules
- Implement network monitoring and intrusion detection for exploit attempts
🔍 How to Verify
Check if Vulnerable:
Check firmware version in web interface: Administration > Firmware Upgrade > Current Firmware Version
Check Version:
Check via web interface or SSH: show version
Verify Fix Applied:
Verify firmware version is 1.0.03.20 or later and test SSL VPN functionality
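When more than one router has to be checked, the version comparison above can be run over an inventory export. The following is an added example, not code from this page or from Cisco; the CSV layout (hostname,model,firmware), the hostnames and the sample versions are constructed assumptions. It compares each dotted field numerically, because a plain string comparison misorders values such as 1.0.3.9 and 1.0.03.20.

```python
# Added example: inventory format and hostnames are constructed for illustration.
AFFECTED_MODELS = {"RV340", "RV340W", "RV345", "RV345P"}
FIXED_VERSION = "1.0.03.20"  # first fixed release named on this page


def parse_version(text):
    """Turn '1.0.03.20' into (1, 0, 3, 20) so fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version format: {text!r}")
    return tuple(int(p) for p in parts)


def assess(model, version):
    """Return 'not-affected', 'patched', 'vulnerable' or 'unknown'."""
    if model.strip().upper() not in AFFECTED_MODELS:
        return "not-affected"
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"  # needs a manual check in the web interface
    return "patched" if current >= parse_version(FIXED_VERSION) else "vulnerable"


def audit(inventory_csv):
    """Map hostname -> status for lines of 'hostname,model,firmware'."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, model, version = (f.strip() for f in line.split(","))
        results[host] = assess(model, version)
    return results


# Constructed sample inventory (not real devices).
SAMPLE = """
# hostname,model,firmware
branch-01,RV340,1.0.03.18
branch-02,RV345P,1.0.03.20
branch-03,rv340w,1.0.3.9
branch-04,RV345,unknown
lab-01,OTHER-MODEL,1.0.00.15
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as unknown should be checked by hand in the web interface rather than assumed patched.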
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests to SSL VPN endpoint
- Device reboot logs without normal cause
- Failed authentication attempts followed by successful exploitation
Network Indicators:
- Unusual outbound connections from router
- Malformed HTTP packets to VPN port 443
- Sudden increase in traffic to router management interface
SIEM Query:
source="router_logs" AND ("SSL VPN" OR "RV340" OR "RV345") AND ("reboot" OR "crash" OR "malformed")