CVE-2022-20799

CWE-77 — Command Injection CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

0.9%

top 24.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Rv340 Firmware Cisco Rv340w Firmware Cisco Rv345 Firmware +2 more

Timeline

PublishedMay 4

Latest updateMay 5

Description

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrar…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages5 packages

▶CVEListV5cisco/cisco_small_business_rv_series_router_firmwaren/a

▶NVDcisco/rv340_firmware< 1.0.03.27

▶NVDcisco/rv345_firmware< 1.0.03.27

▶NVDcisco/rv340w_firmware< 1.0.03.27

▶NVDcisco/rv345p_firmware< 1.0.03.27

🔴Vulnerability Details

GHSA

GHSA-6m4r-6x5q-4gv6: Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote at↗2022-05-05

▶

CVEList

Cisco Small Business RV Series Routers Command Injection Vulnerabilities↗2022-05-04

▶

📋Vendor Advisories

Cisco

Cisco Small Business RV Series Routers Command Injection Vulnerabilities↗2022-05-04

▶