CVE-2022-20923

Severity
9.8 CRITICAL
EPSS
0.2%
top 63.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 8
Latest update: Sep 9

Description

A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network. This vulnerability is due to the improper implementation of the password validation algorithm. An attacker could exploit this vulnerability by logging in to the VPN from an affected device with crafted credentials. A successful exploit could allow t

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Exploitability: 2.2 | Impact: 1.4

Affected Packages (5 packages)

NVD cisco/rv130w_firmware: 1.0.3.55, 1.2.2.8, 1.3.1.7 +2
NVD cisco/rv130_firmware: 1.0.3.55, 1.2.2.8, 1.3.1.7 +2
NVD cisco/rv110w_firmware: 1.0.3.55, 1.2.2.8, 1.3.1.7 +2
NVD cisco/rv215w_firmware: 1.0.3.55, 1.2.2.8, 1.3.1.7 +2

🔴 Vulnerability Details (2)

GHSA: GHSA-q55q-mwv4-x93q: A vulnerability in the IPSec VPN Server authentication functionality of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an (2022-09-09)
CVEList: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability (2022-09-08)

📋 Vendor Advisories (1)

Cisco: Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers IPSec VPN Server Authentication Bypass Vulnerability (2022-09-07)