CVE-2022-20707

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-269 — Improper Privilege Management CWE-285 CWE-295 — Improper Certificate Validation CWE-347 CWE-362 — Race Condition CWE-434 — Unrestricted File Upload CWE-552 — Files Accessible to External Parties CWE-754 CWE-77 — Command Injection CWE-7856 documents6 sources

Severity

7.3HIGH

EPSS

81.4%

top 0.83%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Cisco Rv340 Firmware Cisco Rv340w Firmware Cisco Rv345 Firmware +2 more

Timeline

PublishedFeb 10

Latest updateFeb 11

Description

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 3.9 | Impact: 6.0

Affected Packages5 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

▶NVDcisco/rv340_firmware1.0.03.24

▶NVDcisco/rv345_firmware1.0.03.24

▶NVDcisco/rv340w_firmware1.0.03.24

▶NVDcisco/rv345p_firmware1.0.03.24

🔴Vulnerability Details

GHSA

GHSA-gcrm-6c5f-p543: Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Exe↗2022-02-11

▶

CVEList

Cisco Small Business RV Series Routers Vulnerabilities↗2022-02-10

▶

VulnCheck

Cisco RV Series Routers Stack-based Buffer Overflow↗2022

▶

💥Exploits & PoCs

Metasploit

Cisco RV Series Authentication Bypass and Command Injection↗

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV Series Routers Vulnerabilities↗2022-02-02

▶