#VU71741 Arbitrary file upload in Cisco Systems, Inc products - CVE-2023-20073

Vulnerability identifier: #VU71741

Vulnerability risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-20073

CWE-ID: CWE-434

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Cisco RV340 Dual WAN Gigabit VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco RV345 Dual WAN Gigabit VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco RV345P Dual WAN Gigabit VPN Router
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to upload arbitrary files to an affected device.

The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload arbitrary files to an affected device.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Cisco RV340 Dual WAN Gigabit VPN Router: 1.0.0.33 - 1.0.03.29

Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router: 1.0.01.16 - 1.0.03.29

Cisco RV345 Dual WAN Gigabit VPN Router: 1.0.0.33 - 1.0.03.29

Cisco RV345P Dual WAN Gigabit VPN Router: 1.0.0.33 - 1.0.03.29

---

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe04040

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.