What is CVE-2024-20335?

CVE-2024-20335 is a medium-severity vulnerability in Cisco Business Wireless Access Point Software, classified under OS Command Injection. CVSS score: 6.5/10. Published 2024-03-06.

How severe is CVE-2024-20335?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2024-20335 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Cisco Business Wireless Access Point Software

CVE-2024-20335

A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (33.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Business Wireless Access Point Software — versions 1.0.0.13, 1.0.0.16, 1.0.0.3

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

cisco-sa-sb-wap-multi-85G83CRB

Frequently asked questions

What is CVE-2024-20335?: CVE-2024-20335 is a medium-severity vulnerability in Cisco Business Wireless Access Point Software, classified under OS Command Injection. CVSS score: 6.5/10. Published 2024-03-06.
How severe is CVE-2024-20335?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2024-20335 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.